Windows Analysis Report
pdhmXuEYmc.exe

Overview

General Information

Sample name: pdhmXuEYmc.exe (renamed because original name is a hash value)
Original sample name: 085f06b14ffef066d5a8acc5995e82f0.exe
Analysis ID: 1430200
MD5: 085f06b14ffef066d5a8acc5995e82f0
SHA1: 42afb72c4f5d73b7af151d90e59de9cc235e87b5
SHA256: 92afa7a9c3f0dceaaba64f46bee7623f43c94fa04dc56c8704f9f82f2054e453
Tags: exe, RedLineStealer

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
C2 URLs / IPs found in malware configuration
Installs new ROOT certificates
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • pdhmXuEYmc.exe (PID: 7432 cmdline: "C:\Users\user\Desktop\pdhmXuEYmc.exe" MD5: 085F06B14FFEF066D5A8ACC5995E82F0)
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["91.92.241.122:39361"], "Authorization Header": "bdcad13ad9ecf2711ee0a5378c208b99"}
Source | Rule | Description | Author | Strings
pdhmXuEYmc.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.1690619448.0000000000842000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Process Memory Space: pdhmXuEYmc.exe PID: 7432 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: pdhmXuEYmc.exe PID: 7432 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.0.pdhmXuEYmc.exe.840000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

No Sigma rule has matched

Timestamp: 04/23/24-09:58:16.446515
SID: 2043231
Source Port: 49730
Destination Port: 39361
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 04/23/24-09:58:10.121851
SID: 2046056
Source Port: 39361
Destination Port: 49730
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 04/23/24-09:58:04.686159
SID: 2046045
Source Port: 49730
Destination Port: 39361
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 04/23/24-09:58:04.883476
SID: 2043234
Source Port: 39361
Destination Port: 49730
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: pdhmXuEYmc.exe, Malware Configuration Extractor: RedLine {"C2 url": ["91.92.241.122:39361"], "Authorization Header": "bdcad13ad9ecf2711ee0a5378c208b99"}
Source: pdhmXuEYmc.exe, Virustotal: Detection: 59%
Source: pdhmXuEYmc.exe, ReversingLabs: Detection: 68%
Source: pdhmXuEYmc.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: pdhmXuEYmc.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\pdhmXuEYmc.exe, Code function: 4x nop then jmp 0699C213h 0_2_0699BF50
Source: C:\Users\user\Desktop\pdhmXuEYmc.exe, Code function: 4x nop then inc dword ptr [ebp-20h] 0_2_06992E88
Source: C:\Users\user\Desktop\pdhmXuEYmc.exe, Code function: 4x nop then jmp 0699E515h 0_2_0699E4F4
Source: C:\Users\user\Desktop\pdhmXuEYmc.exe, Code function: 4x nop then jmp 0699A8BBh 0_2_0699A8A3

Networking

Source: Traffic, Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49730 -> 91.92.241.122:39361
Source: Traffic, Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49730 -> 91.92.241.122:39361
Source: Traffic, Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 91.92.241.122:39361 -> 192.168.2.4:49730
Source: Traffic, Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 91.92.241.122:39361 -> 192.168.2.4:49730
Source: Malware configuration extractor, URLs: 91.92.241.122:39361
Source: global traffic, TCP traffic: 192.168.2.4:49730 -> 91.92.241.122:39361
Source: Joe Sandbox View, ASN Name: THEZONEBG THEZONEBG
Source: unknown, TCP traffic detected without corresponding DNS query: 91.92.241.122
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EFC000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002F1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.000000000328D000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000003253000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.000000000315F000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.00000000031BD000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.00000000031F5000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000003127000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: pdhmXuEYmc.exe String found in binary or memory: https://api.ip.sb/ip
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exe File created: C:\Users\user\AppData\Local\Temp\TmpAA73.tmp
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exe File created: C:\Users\user\AppData\Local\Temp\TmpAA84.tmp
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002DBA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1832359941.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $dq,\\StringFileInfo\\000004B0\\OriginalFilename vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $dq,\\StringFileInfo\\040904B0\\OriginalFilename vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $dq,\\StringFileInfo\\080904B0\\OriginalFilename vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exe, 00000000.00000000.1690645418.0000000000886000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameEigenvalue.exe8 vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exeBinary or memory string: OriginalFilenameEigenvalue.exe8 vs pdhmXuEYmc.exe
                    Source: pdhmXuEYmc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/5@0/1
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeMutant created: NULL
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile created: C:\Users\user\AppData\Local\Temp\TmpAA73.tmpJump to behavior
                    Source: pdhmXuEYmc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: pdhmXuEYmc.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: pdhmXuEYmc.exeVirustotal: Detection: 59%
                    Source: pdhmXuEYmc.exeReversingLabs: Detection: 68%
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: esdsip.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: scrrun.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32Jump to behavior
                    Source: Google Chrome.lnk.0.drLNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome.exe
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: pdhmXuEYmc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: pdhmXuEYmc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: pdhmXuEYmc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: pdhmXuEYmc.exeStatic PE information: 0xA4A130BF [Tue Jul 10 21:46:39 2057 UTC]
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeCode function: 0_2_06331DAF push FFFFFF8Bh; retf 0_2_06331DB1
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeCode function: 0_2_0634EFB2 push eax; ret 0_2_0634EFC1
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeCode function: 0_2_06343B4F push dword ptr [esp+ecx*2-75h]; ret 0_2_06343B53
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeCode function: 0_2_063449AB push FFFFFF8Bh; retf 0_2_063449AD
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeCode function: 0_2_0699FF30 push es; ret 0_2_0699FF40

                    Persistence and Installation Behavior

                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 BlobJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeMemory allocated: 1100000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeMemory allocated: 2CD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeMemory allocated: 1100000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWindow / User API: threadDelayed 463Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWindow / User API: threadDelayed 3415Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exe TID: 7596Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exe TID: 7452Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1832491424.0000000000E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeCode function: 0_2_06997DB0 LdrInitializeThunk,0_2_06997DB0
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Users\user\Desktop\pdhmXuEYmc.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: pdhmXuEYmc.exe, 00000000.00000002.1832491424.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1858687880.000000000643D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: pdhmXuEYmc.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.pdhmXuEYmc.exe.840000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1690619448.0000000000842000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: pdhmXuEYmc.exe PID: 7432, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\Desktop\pdhmXuEYmc.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: Yara matchFile source: 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: pdhmXuEYmc.exe PID: 7432, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: pdhmXuEYmc.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.pdhmXuEYmc.exe.840000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1690619448.0000000000842000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: pdhmXuEYmc.exe PID: 7432, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Install Root Certificate | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Source | Detection | Scanner | Label
                    pdhmXuEYmc.exe | 59% | Virustotal |
                    pdhmXuEYmc.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    No contacted domains info
                                                                                                unknown
                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuepdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id10pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • 1%, Virustotal, Browse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id11pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • 1%, Virustotal, Browse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id10ResponseDpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EFC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • 1%, Virustotal, Browse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id12pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • 1%, Virustotal, Browse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://tempuri.org/Entity/Id16ResponsepdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • 2%, Virustotal, Browse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsepdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id13pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • 1%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id14pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • 1%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id15pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • 1%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id16pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • 1%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/NoncepdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id17pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id18pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • 1%, Virustotal, Browse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id5ResponsepdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • 1%, Virustotal, Browse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id19pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • 1%, Virustotal, Browse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnspdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://tempuri.org/Entity/Id15ResponseDpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id10ResponsepdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EFC000.00000004.00000800.00020000.00000000.sdmp, pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RenewpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id11ResponseDpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002EA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://tempuri.org/Entity/Id8ResponsepdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeypdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentitypdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id17ResponseDpdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://schemas.xmlsoap.org/soap/envelope/pdhmXuEYmc.exe, 00000000.00000002.1835216796.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
91.92.241.122 | unknown | Bulgaria | 34368 | THEZONEBG | true
                                                                                                                              Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                              Analysis ID:1430200
                                                                                                                              Start date and time:2024-04-23 09:57:08 +02:00
                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                              Overall analysis duration:0h 4m 20s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                              Number of analysed new started processes analysed:4
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Sample name:pdhmXuEYmc.exe
                                                                                                                              renamed because original name is a hash value
                                                                                                                              Original Sample Name:085f06b14ffef066d5a8acc5995e82f0.exe
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@1/5@0/1
                                                                                                                              EGA Information:
                                                                                                                              • Successful, ratio: 100%
                                                                                                                              HCA Information:
                                                                                                                              • Successful, ratio: 99%
                                                                                                                              • Number of executed functions: 118
                                                                                                                              • Number of non-executed functions: 23
                                                                                                                              Cookbook Comments:
                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                              • Stop behavior analysis, all processes terminated
                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
09:58:13 | API Interceptor | 18x Sleep call for process: pdhmXuEYmc.exe modified
Match:THEZONEBG
Associated Sample Name / URL | Detection | Threat Name | Context
Remittance slip.js | malicious | VjW0rm | 91.92.255.130
PROFOMA INVOICE.js | malicious | VjW0rm | 91.92.255.61
zirurEg4mX.elf | malicious | Unknown | 91.92.252.191
qBSw7aeXEM.exe | malicious | RedLine | 91.92.250.88
cXiIHv7tfd.exe | malicious | Lokibot | 91.92.253.228
wQkjhw6VZ6.elf | malicious | Gafgyt | 91.92.245.31
MFj7OCV6NX.elf | malicious | Gafgyt | 91.92.245.31
YQKtul13uu.exe | malicious | Lokibot | 91.92.253.228
hNqGyuEhv2.elf | malicious | Gafgyt | 91.92.245.31
z4LHgT1E0T.elf | malicious | Gafgyt | 91.92.245.31
                                                                                                                              Process:C:\Users\user\Desktop\pdhmXuEYmc.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 11:02:34 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2104
                                                                                                                              Entropy (8bit):3.4578669622154754
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8SzdGTi+7RYrnvPdAKRkdAGdAKRFdAKR/U:8Ss4
                                                                                                                              MD5:E4DAE0C93C6B19289C2C4D7ED156370F
                                                                                                                              SHA1:6F83C89ECF56AD3F21112E56DFEF5A3A0CE35B0E
                                                                                                                              SHA-256:34E1D0F53212A15AED0CF5078CE1A586A02A3DFC2BE82337E4DC4C2C66DE81FC
                                                                                                                              SHA-512:9BC9727EC3D50387068216C8195D8B91871EAA906054B44B13251183F22E181BBBC204F9FCC4580E40A632AD344F1D92715F17B51FB22AB97B2DD5BBC8081281
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
Preview (readable strings only): link target C:\Program Files\Google\Chrome\Application\chrome.exe; description "Access the Internet"; relative path ..\..\..\Program Files\Google\Chrome\Application\chrome.exe; working directory C:\Program Files\Google\Chrome\Application; command line arguments begin with --proxy-server (preview truncated)
                                                                                                                              Process:C:\Users\user\Desktop\pdhmXuEYmc.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3274
                                                                                                                              Entropy (8bit):5.3318368586986695
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
                                                                                                                              MD5:0B2E58EF6402AD69025B36C36D16B67F
                                                                                                                              SHA1:5ECC642327EF5E6A54B7918A4BD7B46A512BF926
                                                                                                                              SHA-256:4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
                                                                                                                              SHA-512:1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                              Process:C:\Users\user\Desktop\pdhmXuEYmc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2662
                                                                                                                              Entropy (8bit):7.8230547059446645
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                              MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                              SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                              SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                              SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Users\user\Desktop\pdhmXuEYmc.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2251
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:0158FE9CEAD91D1B027B795984737614
                                                                                                                              SHA1:B41A11F909A7BDF1115088790A5680AC4E23031B
                                                                                                                              SHA-256:513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
                                                                                                                              SHA-512:C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
                                                                                                                              Malicious:false
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Entropy (8bit):5.083790498934454
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                              File name:pdhmXuEYmc.exe
                                                                                                                              File size:311'296 bytes
                                                                                                                              MD5:085f06b14ffef066d5a8acc5995e82f0
                                                                                                                              SHA1:42afb72c4f5d73b7af151d90e59de9cc235e87b5
                                                                                                                              SHA256:92afa7a9c3f0dceaaba64f46bee7623f43c94fa04dc56c8704f9f82f2054e453
                                                                                                                              SHA512:dafee8b090d3c6449ab0b41dabbb9d5c421f2e0e5f72ea6d7eba5ade2f69124c1f6c204dbb40e022db9b5071e2fd84cafaefef5d15261975d1a6dce53af49def
                                                                                                                              SSDEEP:3072:gq6EgY6i2rUjeLTeHwP+ChTQ4E1WPSmbTAwtASiSkcZqf7D34FeqiOLibBO9:jqY6i4MwPXT5EIS6TAsAskcZqf7DIPL
                                                                                                                              TLSH:95646C1823988511E27F4F7994B1E2749379EC5AA453E30F4EC06CEB3E32751FA15AB2
                                                                                                                              Icon Hash:4d8ea38d85a38e6d
                                                                                                                              Entrypoint:0x42ba1a
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0xA4A130BF [Tue Jul 10 21:46:39 2057 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:4
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:4
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:4
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                              Instruction
                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                              add byte ptr [esi+00h], dh
                                                                                                                              bound eax, dword ptr [eax]
                                                                                                                              insd
                                                                                                                              add byte ptr [eax+00h], bh
                                                                                                                              jo 00007FA9D0D24992h
                                                                                                                              bound eax, dword ptr [eax]
                                                                                                                              insd
                                                                                                                              add byte ptr [ebx+00h], dh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b9c8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32000 | 0x1c9d4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2b9ac | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2ea00 | 0x2ec00 | 90926859c184d78274759c9e04689776 | False | 0.46997723094919786 | data | 6.2082932015233405 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x32000 | 0x1c9d4 | 0x1cc00 | 157480f3cce6afdf7fe2c21d4ef7ee88 | False | 0.23727921195652174 | data | 2.606370261495621 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x50000 | 0xc | 0x400 | 918dfa7ddca38ac1d86ff1880cd96e08 | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x321a0 | 0x3d04 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9934058898847631
RT_ICON | 0x35eb4 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | | | 0.09013072282030049
RT_ICON | 0x466ec | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | | | 0.13905290505432216
RT_ICON | 0x4a924 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | | | 0.17033195020746889
RT_ICON | 0x4cedc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | | | 0.2045028142589118
RT_ICON | 0x4df94 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | | | 0.24645390070921985
RT_GROUP_ICON | 0x4e40c | 0x5a | data | | | 0.7666666666666667
RT_VERSION | 0x4e478 | 0x35a | data | | | 0.44405594405594406
RT_MANIFEST | 0x4e7e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/23/24-09:58:16.446515 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49730 | 39361 | 192.168.2.4 | 91.92.241.122
04/23/24-09:58:10.121851 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 39361 | 49730 | 91.92.241.122 | 192.168.2.4
04/23/24-09:58:04.686159 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 39361 | 192.168.2.4 | 91.92.241.122
04/23/24-09:58:04.883476 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 39361 | 49730 | 91.92.241.122 | 192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.794876099 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.794949055 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.795022964 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.795099020 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.795212030 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.795243025 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.795392990 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.795775890 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.795804977 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.796030998 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.796264887 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:13.796372890 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:13.990509987 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.990576029 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.990609884 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.990669012 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.990727901 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.990854025 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991082907 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991132021 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991235971 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991331100 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991494894 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991535902 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991585016 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991679907 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991724968 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991880894 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.991978884 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992074013 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992120981 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992259026 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992352009 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992449999 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992481947 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992665052 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992734909 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992867947 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.992898941 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993006945 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:13.993052959 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993128061 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993146896 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:13.993158102 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993352890 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993458033 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993529081 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993573904 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993748903 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.993856907 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994062901 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994091988 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994163036 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994338989 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994369030 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994463921 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994518995 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994587898 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994827032 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:13.994854927 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:13.994930029 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:14.189512968 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.189567089 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.189811945 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.189966917 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.190129995 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.190438986 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.190470934 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.190880060 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191070080 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191099882 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191210032 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191245079 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191276073 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191400051 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191442013 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191570044 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191654921 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191822052 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.191853046 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192075968 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:14.192184925 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192204952 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:14.192312956 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192343950 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192440987 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192471981 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192543983 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192653894 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.192687988 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193372011 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193403006 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193433046 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193463087 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193492889 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193522930 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193552017 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193581104 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193610907 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193640947 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193670988 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193700075 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193733931 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193764925 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.193835974 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.194000006 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:14.194112062 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:14.388892889 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.388943911 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.389206886 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.389312029 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.389342070 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.389528036 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.389723063 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.389761925 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.389792919 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.390204906 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.390435934 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.390716076 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.390746117 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.390965939 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.390996933 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.391241074 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.391411066 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.391442060 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.391552925 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.391815901 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.391845942 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.391874075 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:14.392016888 CEST4973039361192.168.2.491.92.241.122
                                                                                                                              Apr 23, 2024 09:58:14.392247915 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.392512083 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.392596006 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.392626047 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.392941952 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.393013000 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.393433094 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.393462896 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.393493891 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.393954992 CEST393614973091.92.241.122192.168.2.4
                                                                                                                              Apr 23, 2024 09:58:14.394112110 CEST4973039361192.168.2.491.92.241.122


                                                                                                                              Target ID:0
                                                                                                                              Start time:09:58:01
                                                                                                                              Start date:23/04/2024
                                                                                                                              Path:C:\Users\user\Desktop\pdhmXuEYmc.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\pdhmXuEYmc.exe"
                                                                                                                              Imagebase:0x840000
                                                                                                                              File size:311'296 bytes
                                                                                                                              MD5 hash:085F06B14FFEF066D5A8ACC5995E82F0
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.1690619448.0000000000842000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1835216796.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true


                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:13.1%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:148
                                                                                                                                Total number of Limit Nodes:7

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                • +7vgCt5YN94CoaZ39L1ZtHnTa0z+N149Eamj1mVWephHZ6kRHjalH28uP86Qv1HBEWaP1Xp0Xh/wBkgj1KFF8WxIdTx8WeKnNwzgiugp/bDxQaZQbuvZZUw4Fb5qMd, xrefs: 0699D957, 0699DD82, 0699E1D5
                                                                                                                                • @B/, xrefs: 0699DB5F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: +7vgCt5YN94CoaZ39L1ZtHnTa0z+N149Eamj1mVWephHZ6kRHjalH28uP86Qv1HBEWaP1Xp0Xh/wBkgj1KFF8WxIdTx8WeKnNwzgiugp/bDxQaZQbuvZZUw4Fb5qMd$@B/
                                                                                                                                • API String ID: 0-2191481496
                                                                                                                                • Opcode ID: c49245505f4e08fedcc587042520b9b8871ba1daa834fedc4619b8a392dafab0
                                                                                                                                • Instruction ID: c812efe8bb62a0f88bf7aba918d2a75345dcda6da33a40472dde48aff0a0de0c
                                                                                                                                • Opcode Fuzzy Hash: c49245505f4e08fedcc587042520b9b8871ba1daa834fedc4619b8a392dafab0
                                                                                                                                • Instruction Fuzzy Hash: 5B829A74E012288FDBA4DF69C994BDDBBB2BF89301F1085EAD409A7650DB319E85CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LRdq$PHdq
                                                                                                                                • API String ID: 0-3514635139
                                                                                                                                • Opcode ID: d4fcdbe4ed231ace3a7601682b79a2e2ba7ad48dd9e7069c4b5bbbddb2bcd9a9
                                                                                                                                • Instruction ID: 3bc765cb222a2ed0e6317bcbc9bfe23b85f7722378442e167a1f9fa94681f0b7
                                                                                                                                • Opcode Fuzzy Hash: d4fcdbe4ed231ace3a7601682b79a2e2ba7ad48dd9e7069c4b5bbbddb2bcd9a9
                                                                                                                                • Instruction Fuzzy Hash: FAA1D274E00218CFDB64DFA9C954B9EBBB2FF89300F2094A9D409AB765DB305A85CF51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $dq
                                                                                                                                • API String ID: 0-847773763
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: \VWj
                                                                                                                                • API String ID: 0-2419293905
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ,f
                                                                                                                                • API String ID: 0-2825746204
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858067786.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5130000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 14f91bab05d69be27f1b0f5110668dc10bbee1ee03b9a223443a16acd4a355bb
                                                                                                                                • Instruction ID: 45dfbfc88ff51fbf560b5ae22445d9104d60c51d73f2012804a7773adc77036e
                                                                                                                                • Opcode Fuzzy Hash: 14f91bab05d69be27f1b0f5110668dc10bbee1ee03b9a223443a16acd4a355bb
                                                                                                                                • Instruction Fuzzy Hash: 28D1F670A00218CFCB54EFB4D8546ADBBB2FF8A301F1082A9D44AAB354DF396985CF51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 94659ea4b09a8968dff46ed61657d01eb0bf8ab5ae136ce1dc3a6d4ea3dedcc4
                                                                                                                                • Instruction ID: c87740bb21979e85d1664c08e42054648dc5614961152508b3202c6832803bd2
                                                                                                                                • Opcode Fuzzy Hash: 94659ea4b09a8968dff46ed61657d01eb0bf8ab5ae136ce1dc3a6d4ea3dedcc4
                                                                                                                                • Instruction Fuzzy Hash: 34D1AD74E01218CFDB64DFA9C984B9DBBF2BF89300F2495A9D509AB355DB309A81CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858067786.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5130000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cef3625e6c25d937d84ea56c48e99ecc573d4af263eb7e898b7377da6faa7590
                                                                                                                                • Instruction ID: eea0b30242aacc30a0677c5970d882c1c3b7f340760216a1664d89b3e4c0e46d
                                                                                                                                • Opcode Fuzzy Hash: cef3625e6c25d937d84ea56c48e99ecc573d4af263eb7e898b7377da6faa7590
                                                                                                                                • Instruction Fuzzy Hash: 59C1C2B4E01218CFDB14DFA9C990A9DBBB2FF89300F14C1A9D419AB355DB309A81CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 12a6149a184f650d2ce3a38c237d9bf0e61347bef28ac0d43612bf24ec139c3a
                                                                                                                                • Instruction ID: 0c59afa4079285e9175e704ffcd66d3539c4c3ca0c5969a866ae7fce26a20e2e
                                                                                                                                • Opcode Fuzzy Hash: 12a6149a184f650d2ce3a38c237d9bf0e61347bef28ac0d43612bf24ec139c3a
                                                                                                                                • Instruction Fuzzy Hash: C1C1C370D012298FDB68DF69C950BDEBBB2BF89300F1485EAD409AB294DB355E85CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4c49bcbba09ef7e70a7805f719dca9569e88b295b3e56985af4144498e78dc12
                                                                                                                                • Instruction ID: c6272fbd500fe1e4b591de22af4c40d8508a0275e275c9364804d6f98a6a5dd0
                                                                                                                                • Opcode Fuzzy Hash: 4c49bcbba09ef7e70a7805f719dca9569e88b295b3e56985af4144498e78dc12
                                                                                                                                • Instruction Fuzzy Hash: 2CB18E70E002098FEF54CFACD8857ADBBF6AF88314F248529D419E7794EB749845CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ddca55601c68a1f09e97399c744514623ddfb8fbfb99c788eb9cdbea21dbf7dc
                                                                                                                                • Instruction ID: b9af380a5671f440dc474dbd3e0615c33890033bdf8e16ec6aecbcc32ee5086e
                                                                                                                                • Opcode Fuzzy Hash: ddca55601c68a1f09e97399c744514623ddfb8fbfb99c788eb9cdbea21dbf7dc
                                                                                                                                • Instruction Fuzzy Hash: E2A1D774E01228DFEB64DFA5C850B9EBBB2FF89300F2081A9D509AB255DB315E85CF51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858067786.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5130000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 78e5fcb0c42634e2a0a81b46cbf1c986603039e2eacd437c6a0ca26eab932937
                                                                                                                                • Instruction ID: 34e40512aca152266e85d477536a26e4430d78e1c8f56814065e229a556bb6f9
                                                                                                                                • Opcode Fuzzy Hash: 78e5fcb0c42634e2a0a81b46cbf1c986603039e2eacd437c6a0ca26eab932937
                                                                                                                                • Instruction Fuzzy Hash: 0251C574E002188BEB18DFAAD85179EFBB3BF88300F14C0A9951DAB259DB3459859F50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ff32b922d89d1c9be397ab2565b0b33f48258d6ea056674d7cef14cc628ff4d2
                                                                                                                                • Instruction ID: 36b5131ea83c26015b71dcf33c5c115507bd5eff1a0095e6c21f1d87c6ab46e7
                                                                                                                                • Opcode Fuzzy Hash: ff32b922d89d1c9be397ab2565b0b33f48258d6ea056674d7cef14cc628ff4d2
                                                                                                                                • Instruction Fuzzy Hash: B2411971D016189BEB69CFBAC8507DEBBB7AFC9300F14C06AD819AB655DB700946CF60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858520840.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6330000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                                • API String ID: 0-256639137
                                                                                                                                • Opcode ID: 591bfaf15242b3953ea54b7bb5a3a782d3fcc683f448effe25f620563df7d8b6
                                                                                                                                • Instruction ID: b4370a61e2632b6bd0c16d81de6faab72c96b05986afa470352b8194290e509c
                                                                                                                                • Opcode Fuzzy Hash: 591bfaf15242b3953ea54b7bb5a3a782d3fcc683f448effe25f620563df7d8b6
                                                                                                                                • Instruction Fuzzy Hash: 05329F30B042159FDB59DBA9C844A6ABBFAFF89300B158469E506CB7A2CF74DC05CBD1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858520840.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6330000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                                • API String ID: 0-2331353128
                                                                                                                                • Opcode ID: e27bc809c37c6d29f354166b1793a7c43adc4e4851d990872b66fbbd5238f857
                                                                                                                                • Instruction ID: 7e91339bde31e391e236eb05cd322ce317c6c4c21c3cabb2983beac9a30d8caf
                                                                                                                                • Opcode Fuzzy Hash: e27bc809c37c6d29f354166b1793a7c43adc4e4851d990872b66fbbd5238f857
                                                                                                                                • Instruction Fuzzy Hash: A3C1BF34B042249FDB54ABA8C854A2E7BEAEF89701F148869E503CB7A2DF74DC05C7D1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (hq$(hq
                                                                                                                                • API String ID: 0-2483692461
                                                                                                                                • Opcode ID: f6ff5d7bcb6474c781bf60216a3072ff9998d5462c24612b0c9fbefe89b000ef
                                                                                                                                • Instruction ID: 9e2623d92803fa0eea56b9c1607b80fac097a74aec5c6c0011f47561209099d0
                                                                                                                                • Opcode Fuzzy Hash: f6ff5d7bcb6474c781bf60216a3072ff9998d5462c24612b0c9fbefe89b000ef
                                                                                                                                • Instruction Fuzzy Hash: 81412375B041585FCB45AF78981076F7BA2AFD5351F608469E909AB380CE38DD12C3E2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (figure; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02B9B086
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                • Opcode ID: 33f57737f0af65895e00ffb616a86cadfa9e85c90159e02ccb38a7a3375a9f4c
                                                                                                                                • Instruction ID: bc51dc9a89e7d4ea545a5dcb0418b01879099b29f2b566a3e5f1914a14f9b2dc
                                                                                                                                • Opcode Fuzzy Hash: 33f57737f0af65895e00ffb616a86cadfa9e85c90159e02ccb38a7a3375a9f4c
                                                                                                                                • Instruction Fuzzy Hash: B27147B0A00B058FDB24DF29D48579ABBF5FF88304F10896DE48AD7A40DB75E946CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (figure; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 06997D28
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 6842923-0
                                                                                                                                • Opcode ID: f216675585476a672d957b0be254ea10db690ab88e3f42751e5941948653d63d
                                                                                                                                • Instruction ID: ec94def2dc35a57be41b4d43aade54ff14923e0029bf06068c5f02cd64534110
                                                                                                                                • Opcode Fuzzy Hash: f216675585476a672d957b0be254ea10db690ab88e3f42751e5941948653d63d
                                                                                                                                • Instruction Fuzzy Hash: 1E51C574E112089FDF48EFA9D5506ADBBB6FF89300F109429E405AB758DB345942CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (figure; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 05134381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858067786.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5130000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallProcWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2714655100-0
                                                                                                                                • Opcode ID: 5abbe0fb58bf3bbe26c2ba2df690b77df20fb702b5dc57572f8e94ff77c21c72
                                                                                                                                • Instruction ID: 42b8be2f85dc079af04d1984d01fbe6f09187ff4ee8b26c2fce580571a4896a5
                                                                                                                                • Opcode Fuzzy Hash: 5abbe0fb58bf3bbe26c2ba2df690b77df20fb702b5dc57572f8e94ff77c21c72
                                                                                                                                • Instruction Fuzzy Hash: 594128B49003158FDB14DF99C889EAEBBF5FF88314F258499D519A7321D774A841CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02B959F1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: d17a8d31c2bae0eb08e37258887e459aacffa16ca9198e2f685c3c8388c0c7fd
                                                                                                                                • Instruction ID: 6568830b7dba024b0747c15eaf0c5250eb3c98ba127f1d6483c2258c72cc623b
                                                                                                                                • Opcode Fuzzy Hash: d17a8d31c2bae0eb08e37258887e459aacffa16ca9198e2f685c3c8388c0c7fd
                                                                                                                                • Instruction Fuzzy Hash: 2F41E0B0C0071DCBDB24DFA9C884B9DBBB5FF49314F6080AAD409AB251DBB56949CF90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02B959F1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: 51c166b65d751cdc7cd3eb1b3beae018661eea6a19c688166db6e36aa70b65fe
                                                                                                                                • Instruction ID: 35110a062a2a9a8f6bdfadd6c05869ed9fd1343b73587e8a283f266ed5a0db98
                                                                                                                                • Opcode Fuzzy Hash: 51c166b65d751cdc7cd3eb1b3beae018661eea6a19c688166db6e36aa70b65fe
                                                                                                                                • Instruction Fuzzy Hash: 1D41E0B0C00719CADB24DFA9C884ADEBBB5FF49304F2080AAD419AB251DB756949CF90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 06997D28
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 6842923-0
                                                                                                                                • Opcode ID: 8a72b4d6d5d5eb11b590fe3782b7abe9b5199f1ce7b4d31abd651e76792fa962
                                                                                                                                • Instruction ID: cb7ed69e69f629d33cb7bb658f496f9441f34bfce1d4e380e238556ee07da1d5
                                                                                                                                • Opcode Fuzzy Hash: 8a72b4d6d5d5eb11b590fe3782b7abe9b5199f1ce7b4d31abd651e76792fa962
                                                                                                                                • Instruction Fuzzy Hash: C93193B4E112089FCB44EFE4D590AADBBB2FF88300F205529D416AB758DB345D45CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B9B101,00000800,00000000,00000000), ref: 02B9B312
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                • Opcode ID: 08aa94b24ae5187c051c9c942c512e9ce2c831d49aad94193c851169b4d05849
                                                                                                                                • Instruction ID: 22426fca539df644fc1ad4121dc1e72b427fd2a3f831e8605c40a3d8cbc83292
                                                                                                                                • Opcode Fuzzy Hash: 08aa94b24ae5187c051c9c942c512e9ce2c831d49aad94193c851169b4d05849
                                                                                                                                • Instruction Fuzzy Hash: 8331BDB68083488FDB01DFAAD894ADEBFF0EF5A314F0180AAD459A7242C3749505CFA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B9D2C6,?,?,?,?,?), ref: 02B9D387
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                • Opcode ID: d6307b58c09c741f0c0aece05c746af5a045900b6efbb7b991925af9ece32c3b
                                                                                                                                • Instruction ID: 88f08feb7798046523d2e4b3edbcc3bbf48d411083eb7519b593b26ab8200a96
                                                                                                                                • Opcode Fuzzy Hash: d6307b58c09c741f0c0aece05c746af5a045900b6efbb7b991925af9ece32c3b
                                                                                                                                • Instruction Fuzzy Hash: CC21E4B5900309EFDB10DFAAD984ADEBBF4EB49310F14846AE918A3351D374A954CFA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B9D2C6,?,?,?,?,?), ref: 02B9D387
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B9B101,00000800,00000000,00000000), ref: 02B9B312
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B9B101,00000800,00000000,00000000), ref: 02B9B312
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02B9B086
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OleInitialize.OLE32(00000000), ref: 06997B5D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2538663250-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 4'dq
                                                                                                                                • API String ID: 0-1167855494
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 4'dq
                                                                                                                                • API String ID: 0-1167855494
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 4'dq
                                                                                                                                • API String ID: 0-1167855494
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 4'dq
                                                                                                                                • API String ID: 0-1167855494
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 4'dq
                                                                                                                                • API String ID: 0-1167855494
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 4'dq
                                                                                                                                • API String ID: 0-1167855494
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858520840.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6330000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858520840.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6330000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fb0dc51482d846dd88a1183086b12b6e8f40ca83ed259d1a491c124cb03d3803
                                                                                                                                • Instruction ID: e0844f18336c43d20f782a276b1bad7719787c5579b9432a3725627e995b8050
                                                                                                                                • Opcode Fuzzy Hash: fb0dc51482d846dd88a1183086b12b6e8f40ca83ed259d1a491c124cb03d3803
                                                                                                                                • Instruction Fuzzy Hash: A4514771E10258DFDB54DFA9D980BDEFBF6AF48300F148529D415AB294DB74A846CF80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 63d4576c9df9d20ba8dd4b1a6834ca4e78b20d51d28a59e449578e40c01566e3
                                                                                                                                • Instruction ID: 5161b630450faf5e34331a3e3748362fe6ebb6c0bfa0794331e369a634553905
                                                                                                                                • Opcode Fuzzy Hash: 63d4576c9df9d20ba8dd4b1a6834ca4e78b20d51d28a59e449578e40c01566e3
                                                                                                                                • Instruction Fuzzy Hash: C05158B1D10258DFDB64DFA9C984BDEFBF5AF48300F148529E415AB294DB74A886CF80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: caeec487cda7e4dcb71988eee3277235dd002a5b0b2f40866a0391777f998a74
                                                                                                                                • Instruction ID: 5c97c5d2a8c05b349f734976dabfd9c2f7e6ee803c4aa0671cb074d48e58f2f3
                                                                                                                                • Opcode Fuzzy Hash: caeec487cda7e4dcb71988eee3277235dd002a5b0b2f40866a0391777f998a74
                                                                                                                                • Instruction Fuzzy Hash: B2415879A00606CFCB51DF58C88096AFBF2FF88360B15C959E55ADB261D730F805CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 19527e75f4589b2ba35200eb13000ccef9bb983556844fd2a8e4a67c03f04d83
                                                                                                                                • Instruction ID: e31cfabe230b4af8b0a30d772561037fccb150e39eed4fb97ae953fdb000f8f0
                                                                                                                                • Opcode Fuzzy Hash: 19527e75f4589b2ba35200eb13000ccef9bb983556844fd2a8e4a67c03f04d83
                                                                                                                                • Instruction Fuzzy Hash: 093168B9B012109FCB05DF34D884A6EBBB6BF89341B508469E906CB355DB30ED15CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6dd0da4f9d80826da37a9c9e2af97f6dfba8250aa44fd8e70080a5e42e74d894
                                                                                                                                • Instruction ID: 8cbf1c9be54f230af3d8f63f272763001f91f1708a62049827bc52e1e18e8a37
                                                                                                                                • Opcode Fuzzy Hash: 6dd0da4f9d80826da37a9c9e2af97f6dfba8250aa44fd8e70080a5e42e74d894
                                                                                                                                • Instruction Fuzzy Hash: 98314479B012109FCB45EF38D88496EBBB6FF89341B508469E90ACB355DB30ED15CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 08404ffc4623ce249ffb33c74a8e77ff3ab250b44ebe62cd02f228d313f246b3
                                                                                                                                • Instruction ID: b24989423f01f7777664eb76616abf040a4430f2bff0d86123e40f72f782bef0
                                                                                                                                • Opcode Fuzzy Hash: 08404ffc4623ce249ffb33c74a8e77ff3ab250b44ebe62cd02f228d313f246b3
                                                                                                                                • Instruction Fuzzy Hash: C34112B1D01248DFDB14EFAAD940ADEFBF6AF88310F10802AE415B7254DB35A945CF90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858520840.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858520840.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1832334086.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858520840.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1832839119.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1832839119.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1832334086.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1832334086.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_e1d000_pdhmXuEYmc.jbxd
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 096f8f37bfcc592ccca847214e18f9fcfe14937523cca4966d9034e70975780c
                                                                                                                                • Instruction ID: e4de7b910eb7288afb903f60bcf78af208a16c01f3e7f799854519e8e44959e5
                                                                                                                                • Opcode Fuzzy Hash: 096f8f37bfcc592ccca847214e18f9fcfe14937523cca4966d9034e70975780c
                                                                                                                                • Instruction Fuzzy Hash: 0801A2757012095BE715AE68D84477FB79AEBC9351F00842AFD05D7394DA34DC158BA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 46e08483a20d440e1d26092defc0746e426f1a20d4bc458419715455aadb309f
                                                                                                                                • Instruction ID: 22a2202e2c3cdbbf597cdb47d8e80b543178b6ed2231a3ad95eec5d7bdc1c08a
                                                                                                                                • Opcode Fuzzy Hash: 46e08483a20d440e1d26092defc0746e426f1a20d4bc458419715455aadb309f
                                                                                                                                • Instruction Fuzzy Hash: 8201F4347083889FCB46EB78D8148A97FB6FF8620071488E9E945CB763DA32DD16C791
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 76ea2d22a76e5e0682f160261f2107733271a5c0c23b6f19aea60fd5dcce5a5f
                                                                                                                                • Instruction ID: d489fc570591e0f30f7e1164b5c0732ac2974f505f5acbc5392c9d2480c836dd
                                                                                                                                • Opcode Fuzzy Hash: 76ea2d22a76e5e0682f160261f2107733271a5c0c23b6f19aea60fd5dcce5a5f
                                                                                                                                • Instruction Fuzzy Hash: E50192702003048FD324EF75D04465A7BF3EBC831AB208A2DD15A97B45DF74A94A8B91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b2a8aa104771a952b07c47fc51006a570e1a502bc5382d0d7a55f300ec49eb01
                                                                                                                                • Instruction ID: 5e0aa3eb109202b33d02de05888477af5a3c302ef3e30e0035fdb54d6f94511d
                                                                                                                                • Opcode Fuzzy Hash: b2a8aa104771a952b07c47fc51006a570e1a502bc5382d0d7a55f300ec49eb01
                                                                                                                                • Instruction Fuzzy Hash: 16016234E11711CFDBA9AA25A404637F7F7BF84225B1488B8E40786A14DA71F484CBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4ca83218ff22d5699c516a9270475d884873db4319352c83ed2fa35abbb44e5f
                                                                                                                                • Instruction ID: cb7ce7315242bc8db7e177a09f51f8af4b6dc76896f9f95c053284c0ab77fdbb
                                                                                                                                • Opcode Fuzzy Hash: 4ca83218ff22d5699c516a9270475d884873db4319352c83ed2fa35abbb44e5f
                                                                                                                                • Instruction Fuzzy Hash: 82F0C8AB1041D42FCB914EA99C41BFB3FEDDB4D561B084056FA98E2241C439CA619770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b0ef1661ed39f8f9171bb59a7d3d2a9658574266955e751000e49717e1808a2b
                                                                                                                                • Instruction ID: 6b4be9c8324a436d5eeccbc3997271fbc54e77b5951e63195535867cbb80938a
                                                                                                                                • Opcode Fuzzy Hash: b0ef1661ed39f8f9171bb59a7d3d2a9658574266955e751000e49717e1808a2b
                                                                                                                                • Instruction Fuzzy Hash: 7DF0C2B23003055FD714DA64EC80BABBBEDEBC8321F11452EE109C7285EAB5E8018760
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 35c66993321a6b3e9a414bb8734503884cac3e3f45ddc2a052e4a1ceac55728f
                                                                                                                                • Instruction ID: 3ce44cc978aeea309342f612d9b3aba3e3cb3b5b319c1d79d32a83a302c6c4e9
                                                                                                                                • Opcode Fuzzy Hash: 35c66993321a6b3e9a414bb8734503884cac3e3f45ddc2a052e4a1ceac55728f
                                                                                                                                • Instruction Fuzzy Hash: 9B01D6B4D05209EFCB44EFA9D9496AEFBF5BF48300F1084A9E815A3390D7741A40DF90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1832334086.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_e1d000_pdhmXuEYmc.jbxd

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9b0bc52a3870aac90df1cedc567e8ae5d00687cea2d54cdc7a0f2ff8fde49965
                                                                                                                                • Instruction ID: d4b46da0fc402ab9f01e77ca956f4cb57e7b87d3133e00e1efec3fe9be2f5d57
                                                                                                                                • Opcode Fuzzy Hash: 9b0bc52a3870aac90df1cedc567e8ae5d00687cea2d54cdc7a0f2ff8fde49965
                                                                                                                                • Instruction Fuzzy Hash: AF01D1705067418FC726DF29E818166BFF2FF89310B14865ED4CAC7A22CB74A40ACF81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: be99fdb636a9a67e65f75b4fe437fd2a06d32ab64008baddba8d21bb56ed16e5
                                                                                                                                • Instruction ID: 335b5e2c2f7840bc3a0bb05c79f7f8655511fd0201b701c07ab210b0ea8947b0
                                                                                                                                • Opcode Fuzzy Hash: be99fdb636a9a67e65f75b4fe437fd2a06d32ab64008baddba8d21bb56ed16e5
                                                                                                                                • Instruction Fuzzy Hash: 6EF05EB27002155FD714DA59EC44EABBBEEEBC8324F10452EE50AC7295EAB1EC0587B0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 67063a48e017f5f2c45032d390276654443c7886c52c3cabd91056c097f2e58d
                                                                                                                                • Instruction ID: b47fafa45c7a792d47cf7cf1d11d7bb4c43cbb7773850f7494a6ed9e418a9bcb
                                                                                                                                • Opcode Fuzzy Hash: 67063a48e017f5f2c45032d390276654443c7886c52c3cabd91056c097f2e58d
                                                                                                                                • Instruction Fuzzy Hash: 3CF05E773041E42FCF928EA99C119FB3FEC9B8E262F094596FE94D5141C029C961DBB0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5bd09d5dc0415a91793833a0d7308d6d327bdefe5159d167f21278d17ea18d8c
                                                                                                                                • Instruction ID: 12c2895bb977c6c24dc4e7f52e8213569f79820179bdff70a3e02a57b6856c61
                                                                                                                                • Opcode Fuzzy Hash: 5bd09d5dc0415a91793833a0d7308d6d327bdefe5159d167f21278d17ea18d8c
                                                                                                                                • Instruction Fuzzy Hash: BCF037762041E83F8B514EAA5C10CFB7FEDDA8E261B084156FFD8D2241C439C961ABB0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4a1776bd0262a8a028a6da99190069c3d1890c51bb8b1fe115e8cf88a1a2c3fa
                                                                                                                                • Instruction ID: ad0665d9428659038d58156f7b93d7c51eb41a188f6a82c35469503f43eecbe3
                                                                                                                                • Opcode Fuzzy Hash: 4a1776bd0262a8a028a6da99190069c3d1890c51bb8b1fe115e8cf88a1a2c3fa
                                                                                                                                • Instruction Fuzzy Hash: FDF052B230D2A05FC7523738AC250BD7FE4D9D665230802DBE08ACB642CA0C6A02C3E1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8c2afb285b3c5836d74516e4373335fe64c462bcfc8844b168930ef9f6f68a4f
                                                                                                                                • Instruction ID: 288c5972c60054e646d08e2b33de14a64fa4d5c48e939f0395cb56f1de0d165e
                                                                                                                                • Opcode Fuzzy Hash: 8c2afb285b3c5836d74516e4373335fe64c462bcfc8844b168930ef9f6f68a4f
                                                                                                                                • Instruction Fuzzy Hash: 70F0E2703052416BC3102779E8197DABFD9EFCA365F004169F18DC3643CAB9288587A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5f88eaf052a609e3c1407a3c8fe546fd664d9ef9796e10f0a7f944dcb5babbee
                                                                                                                                • Instruction ID: 667e5c0c03092031ab27a653442c96a8fe65b04a430a61b4a02964b87dbc5996
                                                                                                                                • Opcode Fuzzy Hash: 5f88eaf052a609e3c1407a3c8fe546fd664d9ef9796e10f0a7f944dcb5babbee
                                                                                                                                • Instruction Fuzzy Hash: D7F05E317002044B8694EAA9E980666F7E9DF88665314C46ED90EC7740DA22FC028790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4ee295bc6c87dadcf483812f5d6bbf4865142d31c2ed533c81c81a72386a32bc
                                                                                                                                • Instruction ID: 7e0ce026ed36b2ac5d0dab1acc9e489359b537fec2e4cd1eb8034675b0fa16f0
                                                                                                                                • Opcode Fuzzy Hash: 4ee295bc6c87dadcf483812f5d6bbf4865142d31c2ed533c81c81a72386a32bc
                                                                                                                                • Instruction Fuzzy Hash: 02F02E72B003009FC720DBA8EC02F52BBE4AB43711F068267F214CF1E2E6B0E8098780
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2963e4ba07434970d78aae936be51d4c1428dba33252446488d037b01ddaedf3
                                                                                                                                • Instruction ID: a050fe8158a2586e3d629dc5e0539cf06e8fafea5cc548bb7b562501ca4343ca
                                                                                                                                • Opcode Fuzzy Hash: 2963e4ba07434970d78aae936be51d4c1428dba33252446488d037b01ddaedf3
                                                                                                                                • Instruction Fuzzy Hash: 35F0963020A7E14FC713973CE81979A3FE1DF86315B09089FE186CB552C6A558468751
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: aa0f14af833162ba513cd5c539a8fc3dee34381020e8b4f9c2d9ffd8393743a9
                                                                                                                                • Instruction ID: e0d7ca5c1651813783f8e3454623d1e9e003a06e003c0501e3271baa26152a5c
                                                                                                                                • Opcode Fuzzy Hash: aa0f14af833162ba513cd5c539a8fc3dee34381020e8b4f9c2d9ffd8393743a9
                                                                                                                                • Instruction Fuzzy Hash: 0EF02431901701CFDBA4DE21E540B77BBF2AF80325F4898ACE44746925CAB4F488CB80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 05304fc63f8a83913972d26b250aaff9232f40e372ceb31424ea9ae3f129026e
                                                                                                                                • Instruction ID: 33c1cde78c4546a7e8cf07247006a48a95c2b59f342046bc419b3e5bea795f5e
                                                                                                                                • Opcode Fuzzy Hash: 05304fc63f8a83913972d26b250aaff9232f40e372ceb31424ea9ae3f129026e
                                                                                                                                • Instruction Fuzzy Hash: 7EF0B4B5E052449FD741FBA4D8517AABBB0EB51300F0041DAE4448B7E4E774AE51DB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 93b5e01e0cd4cf08960667518e2e904f8e4c5559c032f30cdd3ea655d7e64656
                                                                                                                                • Instruction ID: e8422eede6c7ab3f42923f38e9220b6c00845de4ff43f8602e02c5fc3b4fd30a
                                                                                                                                • Opcode Fuzzy Hash: 93b5e01e0cd4cf08960667518e2e904f8e4c5559c032f30cdd3ea655d7e64656
                                                                                                                                • Instruction Fuzzy Hash: 5EF0A776F141155BCF10DAB9AC456AFBBE9AB84261F09883BD514D3240EB30D40587A2
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e8fa5df6fd7fe193b95a6d362ef10d49dd9c2a57d75cda49c377fc233b9f2f17
                                                                                                                                • Instruction ID: 67be59a41896be40019b9a9881a83621832367a708e0fbb0caff1e362bcf8992
                                                                                                                                • Opcode Fuzzy Hash: e8fa5df6fd7fe193b95a6d362ef10d49dd9c2a57d75cda49c377fc233b9f2f17
                                                                                                                                • Instruction Fuzzy Hash: 30E092B13005116BC7506A7AE449A9E7AD9EBCE361F40462DF14ED3A42CE69284547A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6fa21ffd31c9282ecc667df68bc1a0340c9c9ebc7dac95e9cf5dbf7053e5e426
                                                                                                                                • Instruction ID: 92e052f02dd559c89aba03554847723a61c0ef1af1867c532c3c6115c27da904
                                                                                                                                • Opcode Fuzzy Hash: 6fa21ffd31c9282ecc667df68bc1a0340c9c9ebc7dac95e9cf5dbf7053e5e426
                                                                                                                                • Instruction Fuzzy Hash: C9F09070500B018FDB25DF26E408666BBF6FB8C301710C62EE54B83A11DB74A40ACF84
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7f6ff349b09d37a80dd8213cf48644d85d63b386c65b3763ba3301d9bbe1bed7
                                                                                                                                • Instruction ID: 33da3afc3f0af64a0b0d84a60ff8c00418589a70e84b22a8917b7a90338e6432
                                                                                                                                • Opcode Fuzzy Hash: 7f6ff349b09d37a80dd8213cf48644d85d63b386c65b3763ba3301d9bbe1bed7
                                                                                                                                • Instruction Fuzzy Hash: 0FE06DB210D210AFD345DA35A805887BBE8EB91220B02886EE444C7141F631E841C7A5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4d2c2fe782f7a41a36075546ca9d0f6bb439f296e17902683ff719d3b257994f
                                                                                                                                • Instruction ID: 6996ddac32e96157425ab80b86f178be7483df1cc6ecf46d1dcbfe770aa1b380
                                                                                                                                • Opcode Fuzzy Hash: 4d2c2fe782f7a41a36075546ca9d0f6bb439f296e17902683ff719d3b257994f
                                                                                                                                • Instruction Fuzzy Hash: B6F08C34E01208AFC780FFA4E995BAEBBF0AB05300F1082A9E404973A4E6705E55DF81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 67e1d8758d1ab5b48e1884273f4d1296c742e2fc025e082f7b1ef4c64e74d573
                                                                                                                                • Instruction ID: d3e90a514bbfaa07788041be9f669fd51989d3faa22ace04e5b34da612e228e6
                                                                                                                                • Opcode Fuzzy Hash: 67e1d8758d1ab5b48e1884273f4d1296c742e2fc025e082f7b1ef4c64e74d573
                                                                                                                                • Instruction Fuzzy Hash: 4EE065302007614FC711A73DE40979E7FE5DFC5316F04092DE246CBA41CBA56D468791
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a0b9283c0cb141ab02be02185b5740abfc4211abd91771ef09056d56111ef514
                                                                                                                                • Instruction ID: 6ec4bc777fe54c50479e8142905d53141fe37c2c909d87686479a79b899d5d51
                                                                                                                                • Opcode Fuzzy Hash: a0b9283c0cb141ab02be02185b5740abfc4211abd91771ef09056d56111ef514
                                                                                                                                • Instruction Fuzzy Hash: ABE0D8703141655BCB466338A4190BD7FD5DBC5623704426BE58987641CF1C295683D5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4983a57ca71a03283775b2cb76508a7d3f32b838facd5ce392eb515d432c0573
                                                                                                                                • Instruction ID: 5f5f019e329f53febdc17b659fdc1443af2a01c43f1312a6755035a3acdc1930
                                                                                                                                • Opcode Fuzzy Hash: 4983a57ca71a03283775b2cb76508a7d3f32b838facd5ce392eb515d432c0573
                                                                                                                                • Instruction Fuzzy Hash: 81F01535E00108EFCF41EFB4DA848CDBBB5EB04200F1482AAD905E7241EA305B45DB80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a3e7ab6329bfd37dabee69ce091605f4e745961290b5230f4673836208204906
                                                                                                                                • Instruction ID: 8edc2c58b212f38bff22fbe09a598797bcc706e3e63de9a044cc3aca774c577b
                                                                                                                                • Opcode Fuzzy Hash: a3e7ab6329bfd37dabee69ce091605f4e745961290b5230f4673836208204906
                                                                                                                                • Instruction Fuzzy Hash: 77F0ED74E41308AFC794FFA4E851BAEBBB5AB44300F1081A9E81497394EB746E55CFC1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e43584fa4749badd5e8e5852b2826207277dfe0aede26cc8bc4f4d70c2a82b34
                                                                                                                                • Instruction ID: df8c75e9c072ab8845d1bef8d56153f9dcbb8ded2536556e403969cd97b22fe2
                                                                                                                                • Opcode Fuzzy Hash: e43584fa4749badd5e8e5852b2826207277dfe0aede26cc8bc4f4d70c2a82b34
                                                                                                                                • Instruction Fuzzy Hash: BAE0DF3120A3808FCF02EF28F8006C83FA1FF4A620306419EE08DEB71BC6241D62C791
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2cf15b530895cdfbb583ca311cd2989463743dc7186dab94a6dbbb773ee6aaa7
                                                                                                                                • Instruction ID: 8c0dd5db558ab72ce870370f53d6346c43be7ff68711cdf2891ab6043c9f22d0
                                                                                                                                • Opcode Fuzzy Hash: 2cf15b530895cdfbb583ca311cd2989463743dc7186dab94a6dbbb773ee6aaa7
                                                                                                                                • Instruction Fuzzy Hash: 5BE09A71A05348EFCF02DFA8E9409A87FF0EB4621272006DEE008EB2A2D6340F209752
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 931246b0f57c1ff27846efb046b55adafeb9edc39f4a8413129d09d882f648fe
                                                                                                                                • Instruction ID: e0687c528306367b7a8a102c8aa54ce4a1b1f69d9324f1c9b6255b2e319a9f9a
                                                                                                                                • Opcode Fuzzy Hash: 931246b0f57c1ff27846efb046b55adafeb9edc39f4a8413129d09d882f648fe
                                                                                                                                • Instruction Fuzzy Hash: 28E0C2716042081BC380EAD8EC80757FFEDDF89751B18886EE90DCB381ED22EC018790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1fa63b14db33e031d5e95400b288d10d9c18e6eaf2307b6039834be26bdbb667
                                                                                                                                • Instruction ID: a4495aa6e38f1d1c615f19cda63573a51f7bce93919ad262f9b6ecc997a9f5f8
                                                                                                                                • Opcode Fuzzy Hash: 1fa63b14db33e031d5e95400b288d10d9c18e6eaf2307b6039834be26bdbb667
                                                                                                                                • Instruction Fuzzy Hash: 69D02EB1310128A7CA453328F8094BE3BEAEBC8B22301422AF54AC3700CE2C2E0283D5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4f4d8b94a2e4ff697dfe510e0d85b8ffddfc8cb737a4676f96801062f01d13c4
                                                                                                                                • Instruction ID: 7ec00bbb0f91414ee57e12035fd5266dd8f145a746bf9a76306fceb4a3963d86
                                                                                                                                • Opcode Fuzzy Hash: 4f4d8b94a2e4ff697dfe510e0d85b8ffddfc8cb737a4676f96801062f01d13c4
                                                                                                                                • Instruction Fuzzy Hash: 5DE09A75D0020CEFCF41DFE4D9448DDBBB9EB48200F1082AAD915A3200EB315B55DF80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $dq$$dq
                                                                                                                                • API String ID: 0-2340669324
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0oGp
                                                                                                                                • API String ID: 0-2111374174
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: \VWj
                                                                                                                                • API String ID: 0-2419293905
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858067786.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5130000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1834835766.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2b90000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858067786.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5130000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1859287499.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6990000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-3555537224
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-3555537224
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-3976991907
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-3976991907
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-1603575766
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-1603575766
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-1109028299
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-1109028299
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-3256744231
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: D|j$D|j$D|j$D|j$D|j$D|j
                                                                                                                                • API String ID: 0-3256744231
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1858541045.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_6340000_pdhmXuEYmc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (_dq$(_dq$(_dq$(_dq
                                                                                                                                • API String ID: 0-2092114380
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%