Windows Analysis Report
BARSYL SHIPPING Co (VIETNAM).exe

Overview

General Information

Sample name: BARSYL SHIPPING Co (VIETNAM).exe
Analysis ID: 1430678
MD5: 5385333a8618dac516b8b33b0bbf11a1
SHA1: 3a1171327abe7aefeb85914afae6ec6c8bfbe6e0
SHA256: 6c06c665c435cf95787310f59e984006711d50bf091ae610cb4440abae1448c4
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Contains functionality to log keystrokes (.Net Source)
Contains functionality to register a low level keyboard hook
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious powershell command line found
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • BARSYL SHIPPING Co (VIETNAM).exe (PID: 8092 cmdline: "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe" MD5: 5385333A8618DAC516B8B33B0BBF11A1)
    • powershell.exe (PID: 6944 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7640 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wpvgIECypA.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 8212 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 5688 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegSvcs.exe (PID: 1384 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • wpvgIECypA.exe (PID: 6012 cmdline: C:\Users\user\AppData\Roaming\wpvgIECypA.exe MD5: 5385333A8618DAC516B8B33B0BBF11A1)
    • schtasks.exe (PID: 8360 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp80E7.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegSvcs.exe (PID: 8408 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • BjTxJte.exe (PID: 8524 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    • conhost.exe (PID: 8532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • BjTxJte.exe (PID: 8800 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    • conhost.exe (PID: 8808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.starmech.net", "Username": "electronics@starmech.net", "Password": "nics123"}
Source | Rule | Description | Author | Strings
0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000009.00000002.1376206083.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000009.00000002.1376206083.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000009.00000002.1376206083.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
Source | Rule | Description | Author | Strings
10.2.wpvgIECypA.exe.4ac9bf8.11.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
10.2.wpvgIECypA.exe.4ac9bf8.11.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
10.2.wpvgIECypA.exe.4ac9bf8.11.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | Strings:
  • 0x31d8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x31dfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31e86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x31f18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31f82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x31ff4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3208a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3211a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

                    System Summary

                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", ParentImage: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, ParentProcessId: 8092, ParentProcessName: BARSYL SHIPPING Co (VIETNAM).exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", ProcessId: 6944, ProcessName: powershell.exe
                    Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 1384, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BjTxJte
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp80E7.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp80E7.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\wpvgIECypA.exe, ParentImage: C:\Users\user\AppData\Roaming\wpvgIECypA.exe, ParentProcessId: 6012, ParentProcessName: wpvgIECypA.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp80E7.tmp", ProcessId: 8360, ProcessName: schtasks.exe
                    Source: Network Connection, Author: frack113: Data: DestinationIp: 207.174.215.249, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Initiated: true, ProcessId: 1384, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49709
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", ParentImage: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, ParentProcessId: 8092, ParentProcessName: BARSYL SHIPPING Co (VIETNAM).exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp", ProcessId: 5688, ProcessName: schtasks.exe
                    Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", ParentImage: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, ParentProcessId: 8092, ParentProcessName: BARSYL SHIPPING Co (VIETNAM).exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", ProcessId: 6944, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe", ParentImage: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, ParentProcessId: 8092, ParentProcessName: BARSYL SHIPPING Co (VIETNAM).exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp", ProcessId: 5688, ProcessName: schtasks.exe
                    No Snort rule has matched

                    AV Detection

                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.starmech.net", "Username": "electronics@starmech.net", "Password": "nics123"}
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe, ReversingLabs: Detection: 54%
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe, Virustotal: Detection: 33%
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, ReversingLabs: Detection: 54%
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, Virustotal: Detection: 33%
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe, Joe Sandbox ML: detected
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, Joe Sandbox ML: detected
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.10:49708 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.10:49712 version: TLS 1.2
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 0000000F.00000000.1427537677.0000000000BC2000.00000002.00000001.01000000.0000000E.sdmp, BjTxJte.exe.9.dr
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\NULL
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\NULL
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, File opened: C:\Users\user\AppData\Local\Temp\acrocef_low\NULL
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, Code function: 4x nop then jmp 0187B56Ch 0_2_0187B776
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe, Code function: 4x nop then jmp 02D2AA2Ch 10_2_02D2AC36
                    Source: global traffic, TCP traffic: 192.168.2.10:49709 -> 207.174.215.249:587
                    Source: Joe Sandbox View, IP Address: 172.67.74.152
                    Source: Joe Sandbox View, ASN Name: PUBLIC-DOMAIN-REGISTRYUS
                    Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknown, DNS query: name: api.ipify.org
                    Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0, Host: api.ipify.org, Connection: Keep-Alive
                    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknown, DNS traffic detected: queries for: api.ipify.org
                    Source: RegSvcs.exe, 00000009.00000002.1376206083.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://mail.starmech.net
                    Source: RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1373558252.00000000010F5000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3773435120.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://r3.i.lencr.org/0W
                    Source: RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1373558252.00000000010F5000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3773435120.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://r3.o.lencr.org0
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1335233850.0000000003475000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, wpvgIECypA.exe, 0000000A.00000002.1391661425.0000000002FB5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B2C000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, wpvgIECypA.exe.0.dr, String found in binary or memory: http://tempuri.org/DataSet1.xsd
                    Source: RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758104376.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758874259.0000000000EB7000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://x1.c.lencr.org/0
                    Source: RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758104376.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758874259.0000000000EB7000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://x1.i.lencr.org/0
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, wpvgIECypA.exe, 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://account.dyn.com/
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, wpvgIECypA.exe, 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B2C000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://api.ipify.org
                    Source: RegSvcs.exe, 00000009.00000002.1376206083.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://api.ipify.org/
                    Source: RegSvcs.exe, 00000009.00000002.1376206083.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://api.ipify.org/t
                    Source: unknown, Network traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknown, Network traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49712

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, cPKWk.cs, .Net Code: BFizZFdmpI1
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.raw.unpack, cPKWk.cs, .Net Code: BFizZFdmpI1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 9_2_06759100 SetWindowsHookExA 0000000D,00000000,?,?,?,?,?,?,?,?,?,06759DF0,00000000,00000000 9_2_06759100
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Windows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Window created: window name: CLIPBRDWNDCLASS

                    System Summary

                    Source: 10.2.wpvgIECypA.exe.4ac9bf8.11.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 10.2.wpvgIECypA.exe.4b04e18.9.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 10.2.wpvgIECypA.exe.4b04e18.9.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 10.2.wpvgIECypA.exe.4ac9bf8.11.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000000.1289075450.0000000000E2A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOxoT.exeB vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1335233850.00000000034D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename2d8b1906-b358-437e-8bd5-9446514c9756.exe4 vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename2d8b1906-b358-437e-8bd5-9446514c9756.exe4 vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1339206516.0000000004C1E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1334150555.00000000017E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1349145305.00000000078D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1335233850.0000000003241000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1333690874.000000000144E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exeBinary or memory string: OriginalFilenameOxoT.exeB vs BARSYL SHIPPING Co (VIETNAM).exe
                    Source: BARSYL SHIPPING Co (VIETNAM).exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 10.2.wpvgIECypA.exe.4ac9bf8.11.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.wpvgIECypA.exe.4b04e18.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.wpvgIECypA.exe.4b04e18.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.wpvgIECypA.exe.4ac9bf8.11.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: BARSYL SHIPPING Co (VIETNAM).exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: wpvgIECypA.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, cPs8D.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, 72CF8egH.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, G5CXsdn.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, 3uPsILA6U.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, 6oQOw74dfIt.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, aMIWm.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, 3QjbQ514BDx.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, HrG4M4DBRtPV58boTJ.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, HrG4M4DBRtPV58boTJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, HrG4M4DBRtPV58boTJ.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, NXGE22Z6sxCIN5BpHE.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.17e0000.0.raw.unpack, HrG4M4DBRtPV58boTJ.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.17e0000.0.raw.unpack, HrG4M4DBRtPV58boTJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.17e0000.0.raw.unpack, HrG4M4DBRtPV58boTJ.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.17e0000.0.raw.unpack, NXGE22Z6sxCIN5BpHE.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@23/19@2/2
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exeFile created: C:\Users\user\AppData\Roaming\wpvgIECypA.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7416:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exeMutant created: \Sessions\1\BaseNamedObjects\LYPeSgLAUVUUbdShexBa
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1436:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7456:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8532:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8372:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8808:120:WilError_03
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exeFile created: C:\Users\user\AppData\Local\Temp\tmp6A32.tmp
                    Source: BARSYL SHIPPING Co (VIETNAM).exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: RegSvcs.exe, 0000000E.00000002.3758874259.0000000000EB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT * FROM Win32_Processor);
                    Source: BARSYL SHIPPING Co (VIETNAM).exe ReversingLabs: Detection: 54%
                    Source: BARSYL SHIPPING Co (VIETNAM).exe Virustotal: Detection: 33%
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File read: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe:Zone.Identifier
                    Source: unknown Process created: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe"
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wpvgIECypA.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\wpvgIECypA.exe C:\Users\user\AppData\Roaming\wpvgIECypA.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp80E7.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: BARSYL SHIPPING Co (VIETNAM).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: BARSYL SHIPPING Co (VIETNAM).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 0000000F.00000000.1427537677.0000000000BC2000.00000002.00000001.01000000.0000000E.sdmp, BjTxJte.exe.9.dr

                    Data Obfuscation

                    Source: BARSYL SHIPPING Co (VIETNAM).exe, Form1.cs .Net Code: InitializeComponent
                    Source: wpvgIECypA.exe.0.dr, Form1.cs .Net Code: InitializeComponent
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, HrG4M4DBRtPV58boTJ.cs .Net Code: XpWOxgDQVk System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.17e0000.0.raw.unpack, HrG4M4DBRtPV58boTJ.cs .Net Code: XpWOxgDQVk System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe"
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Code function: 0_2_0164D45A push eax; ret 0_2_0164D461
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Code function: 0_2_078F639D pushad ; retf 0_2_078F639E
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Code function: 0_2_078F63A7 pushad ; retf 0_2_078F63A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 9_2_011B0C95 push edi; retf 9_2_011B0C3A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 9_2_011B0CB5 push edi; ret 9_2_011B0CC2
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Code function: 10_2_051CD45A push eax; ret 10_2_051CD461
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Code function: 10_2_089A639D pushad ; retf 10_2_089A639E
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Code function: 10_2_089A63A7 pushad ; retf 10_2_089A63A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 14_2_02970C95 push edi; retf 14_2_02970C3A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 14_2_02970CB5 push edi; ret 14_2_02970CC2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 14_2_063D9340 push es; ret 14_2_063D934C
                    Source: BARSYL SHIPPING Co (VIETNAM).exe Static PE information: section name: .text entropy: 7.943943023810395
                    Source: wpvgIECypA.exe.0.dr Static PE information: section name: .text entropy: 7.943943023810395
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, W5YO8oY2oNhQ8f9D99.csHigh entropy of concatenated method names: 'yvDg0V6hkl', 'gIKgjBcn3Y', 'K8ngx9mRMU', 'iYwg6Pbw7S', 'ExUgkpgVMs', 'kLDgdVhFoD', 'qwwg1ockWp', 'lEngZWOO5l', 'dqlgqlrH3c', 'eP9gvLd3Mf'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, sTHEXKfYHuk1awm6nx.csHigh entropy of concatenated method names: 'CKunlEl5c3', 'MvwnHrvUMI', 'Ag1ncWJm2o', 'aVunt6Z90S', 'rQ8nIf8KbT', 'ag6nicNLrv', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, robPgsoG3t14kq7cBx.csHigh entropy of concatenated method names: 'Exlgh2onWW', 'Y4rgPufJ13', 'TXYgeqatMU', 'b27eyK1gUT', 'RceeziY2gp', 'AD5gRPE045', 'i1UgVyxWvu', 'M6ngBNkhGk', 'm4Pg9KHA13', 'BPGgOGiJZT'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, LAN4VLV9pcs1igLjHkO.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bgLXIrDKLI', 'CnmXw3ay09', 'C4hXGXZOZx', 'zH4X3Oo3mf', 'hlGXKLgQrt', 'DZQXrAV7oC', 'cS4XE2qXx9'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, wdMx6ivIZy3IEwQLoZ.csHigh entropy of concatenated method names: 'oejpkoHPfK', 'sMOp16blFv', 'NZoPcSaX2h', 'JUkPtLpoVr', 'KUjPi1AjxS', 'Pp7PLVlgZ4', 'm4hPoo6LZO', 'lpsPMEy2Vv', 'yApPYefcS1', 'D6SP73U7Hh'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, YJvTP7toLwDEKw8Pgf.csHigh entropy of concatenated method names: 'VLJeS8HdfC', 'K20e0LiXjb', 'noqexCKXEp', 'zhce6rchnt', 'ptkedKTKyS', 'Bl5e19LU01', 'pVpeqHuhMa', 'o7wevN9Oyl', 'D3ewfHTZCPo7fstG7Wr', 'k4HNinTWxGXQQhwEphi'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, PWJJFOTPulVPmOkCyk.csHigh entropy of concatenated method names: 'Dispose', 'NJhVfAkAGt', 'LuKBHeUyJW', 'Yri22FMaAd', 'W3BVyWgXAi', 'yvqVzelshr', 'ProcessDialogKey', 'mbXBRTHEXK', 'MHuBVk1awm', 'AnxBB8puMq'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, oyA5HNIo2nofF65HgC.csHigh entropy of concatenated method names: 'KWks7WKnM1', 'L37sbWYc2y', 't3psINdTHJ', 'hbBswCYP3e', 'YOYsHgpN08', 'EZTscWjWDI', 'N58stVevxh', 'GMMsioLU1e', 'Q0TsLaNxwq', 'nGIsoNO7g9'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, NXGE22Z6sxCIN5BpHE.csHigh entropy of concatenated method names: 'oWlTIknXoC', 'a31TwsAmUj', 'jRsTGRXBun', 'YGST3E5keI', 'TRQTK2A4uF', 'ExBTrq8Iwb', 'aTsTEiSf4H', 'dNtTmdsvED', 'btLTfvIk9i', 't7WTy19bIQ'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, TBWgXAmijvqelshrUb.csHigh entropy of concatenated method names: 'g1DnhKCfHQ', 'SB8nTLN4OM', 'fg9nP1kh6W', 'CaZnpZIXdo', 'WYpnemWNxU', 'QRcnglLp6q', 'W8wnDA5CHJ', 'vjrn8jy20G', 'UQLnWLspga', 'Dg0nUNQNQ0'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, lKD7Lor1sHPYVrtld9.csHigh entropy of concatenated method names: 'NXKamY71e4', 'ECkayaCJSR', 'bvbnRDnLXJ', 'xFOnVC2thO', 'PKfa5CGbav', 'g2pabFANrZ', 'pRCaJjaIeF', 'gYVaICM0Hd', 'cJGaw2gihw', 'IKyaGtxj5i'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, TRKFH1OGpgdF1mMELh.csHigh entropy of concatenated method names: 'fT7VgXGE22', 'AsxVDCIN5B', 'DACVWiEXAl', 'QTSVUJSdMx', 'SQLVsoZ0j8', 'ynTVCs0r8m', 'HPYFlHmwf8PTQLTjom', 'Mdxpi7IoG353aqjjW3', 'rLiVV32R48', 'BW6V9Cp7WY'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, xj8jnTls0r8monc41t.csHigh entropy of concatenated method names: 'DWPeu5aWll', 'Un0eT4MqtZ', 'cdpept1AaE', 'AkYegRAOvw', 'V1JeDArG7K', 'VUNpKdbiwb', 'hYTprLfB0r', 'GOupEwdQZK', 'SEwpm52bDL', 'nr1pfdx8LC'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, vlAJwWVRZyjtnTdYtHm.csHigh entropy of concatenated method names: 'wxQ40XDoo1', 'uuu4jeYuQV', 'p314xEAudv', 'VeL469xC4v', 'oLf4kZoxct', 'TOs4dkmiHn', 'LJm41h2gyc', 'ggj4Zt0PyD', 'oEs4qqE4be', 'sCw4vMKTge'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, njGMMo3iYWbL5Xd4d9.csHigh entropy of concatenated method names: 'FROaWYKpYn', 'zRJaUtIm67', 'ToString', 'OtAahyFSHl', 'zfJaToe5yv', 'cXgaPbIQBX', 'APhap26uVX', 'u8taeXjWSX', 'MQ7agI43Fg', 'KlfaDSyln3'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, Kmkpf2B7Fqyws7pD4X.csHigh entropy of concatenated method names: 'VohxO39qB', 'Dpx6GlNfG', 'f4Ad0lOnb', 'OhH1ShnKM', 'oEJqRfiou', 'edRvry0nJ', 'mYHtPx7sguvFcye996', 'PX2i0EbFTWDbbBOpdr', 'B4dmTeXZsrR9cuogqA', 'rRhnbSkLZ'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, HrG4M4DBRtPV58boTJ.csHigh entropy of concatenated method names: 'eMv9uutYVj', 'RxO9h9Xto2', 'FVD9Tw9V9q', 'onx9PJuGOB', 'zUZ9pJS3QT', 'nH19eNyfLp', 'fDw9gLyn1Y', 'Y329DD9CRS', 'xEq98lE7hV', 'WsY9WPCBFb'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, SpCLCeJccdp48PnK3D.csHigh entropy of concatenated method names: 'kSeAZl689h', 'xCEAq0aut2', 'EZeAlp9Com', 'ADjAH4n36y', 'crJAtPw2sU', 'XSrAiHFe4A', 'YXAAom6GUD', 'u3tAMVYo9q', 'di0A7qEVye', 'reaA5TDAAX'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, c6EUJ1qACiEXAlITSJ.csHigh entropy of concatenated method names: 'eywP6D9DmY', 'ldKPdt5fmy', 'BHnPZWe9Fm', 'fYQPqbdwNG', 'EVxPsbRPMv', 'CZYPCLnm7k', 'uTVPaKlZ9C', 'VGnPnZMCFa', 'MPtP4KTkXG', 'oZiPX6Wix4'
                    Source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4ea5260.11.raw.unpack, lpuMqkyawaVp1sbiSy.csHigh entropy of concatenated method names: 'fnv4V1aSYp', 'DGg4909lc6', 'SH44OmYy2X', 'aQD4hTL7Yo', 'qAb4T1enyU', 'qvM4px23dg', 'Tfq4eGidfy', 'h0wnEm9ugy', 'uxtnm5CD9o', 'CnxnfUkNyU'
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe (dropped file)
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File created: C:\Users\user\AppData\Roaming\wpvgIECypA.exe (dropped file)

                    Boot Survival

                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BjTxJte

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: BARSYL SHIPPING Co (VIETNAM).exe PID: 8092, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: wpvgIECypA.exe PID: 6012, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: 1640000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: 3240000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: 17E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: 91B0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: 7A80000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: A1B0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: B1B0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: B620000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: C620000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: D620000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: 13C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: 2D80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: 2C90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: 89B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: 8740000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: 99B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: A9B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: AE00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: BE00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: CE00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 11E0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2ED0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2D80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: D70000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 2900000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory allocated: 4900000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199937
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1200000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199764
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199547
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199219
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1199100
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1198997
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1197867
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1197763
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1197655
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1196488
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1196129
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1196015
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195905
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195777
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195671
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195453
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195342
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195234
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195119
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1195016
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1194905
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1194796
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 1194672
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7347
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7084
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 3586
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 1360
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 1731
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 8113
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe TID: 8120 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7528 Thread sleep count: 7347 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7344 Thread sleep time: -5534023222112862s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3380 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1732 Thread sleep time: -5534023222112862s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1636 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe TID: 512 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 8596 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 8856 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Last function: Thread delayed
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\NULL
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\NULL
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe File opened: C:\Users\user\AppData\Local\Temp\acrocef_low\NULL
                    Source: RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll..b
                    Source: wpvgIECypA.exe, 0000000A.00000002.1400345948.00000000070EE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                    Source: RegSvcs.exe, 00000009.00000002.1373558252.00000000010F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe"
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wpvgIECypA.exe"
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 43E000
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 440000
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: B16008
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 43E000
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 440000
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 806008
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp"
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp80E7.tmp"
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exeQueries volume information: C:\Users\user\AppData\Roaming\wpvgIECypA.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\wpvgIECypA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                    Source: C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4ac9bf8.11.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4b04e18.9.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4b04e18.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4ac9bf8.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1376206083.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1376206083.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: BARSYL SHIPPING Co (VIETNAM).exe PID: 8092, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: RegSvcs.exe PID: 1384, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: wpvgIECypA.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: RegSvcs.exe PID: 8408, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4ac9bf8.11.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4b04e18.9.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4fc42f0.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4b04e18.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.BARSYL SHIPPING Co (VIETNAM).exe.4f890d0.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 10.2.wpvgIECypA.exe.4ac9bf8.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1376206083.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1376206083.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: BARSYL SHIPPING Co (VIETNAM).exe PID: 8092, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: RegSvcs.exe PID: 1384, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: wpvgIECypA.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: RegSvcs.exe PID: 8408, type: MEMORYSTR
                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                    Execution: Windows Management Instrumentation (121); Scheduled Task/Job (1); PowerShell (1); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                    Persistence: DLL Side-Loading (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                    Privilege Escalation: DLL Side-Loading (1); Process Injection (312); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                    Defense Evasion: Disable or Modify Tools (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (12); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (141); Process Injection (312); Hidden Files and Directories (1)
                    Credential Access: OS Credential Dumping (2); Input Capture (31); Credentials in Registry (1); NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                    Discovery: File and Directory Discovery (2); System Information Discovery (24); Security Software Discovery (211); Process Discovery (2); Virtualization/Sandbox Evasion (141); Application Window Discovery (1); System Network Configuration Discovery (1); System Owner/User Discovery; Network Sniffing
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                    Collection: Archive Collected Data (11); Data from Local System (2); Email Collection (1); Input Capture (31); Clipboard Data (1); GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                    Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Standard Port (1); Non-Application Layer Protocol (2); Application Layer Protocol (23); Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                    [Behavior graph: ID 1430678; sample: BARSYL SHIPPING Co (VIETNAM).exe; start date: 24/04/2024; architecture: WINDOWS; score: 100]

                    Source | Detection | Scanner | Label
                    BARSYL SHIPPING Co (VIETNAM).exe | 54% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
                    BARSYL SHIPPING Co (VIETNAM).exe | 34% | Virustotal |
                    BARSYL SHIPPING Co (VIETNAM).exe | 100% | Joe Sandbox ML |

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Roaming\wpvgIECypA.exe | 100% | Joe Sandbox ML |
                    C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 0% | ReversingLabs |
                    C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 0% | Virustotal |
                    C:\Users\user\AppData\Roaming\wpvgIECypA.exe | 54% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
                    C:\Users\user\AppData\Roaming\wpvgIECypA.exe | 34% | Virustotal |

                    No Antivirus matches

                    Source | Detection | Scanner | Label
                    mail.starmech.net | 0% | Virustotal |

                    Source | Detection | Scanner | Label
                    http://r3.o.lencr.org0 | 0% | URL Reputation | safe
                    http://r3.i.lencr.org/0W | 0% | URL Reputation | safe
                    http://x1.c.lencr.org/0 | 0% | URL Reputation | safe
                    http://x1.i.lencr.org/0 | 0% | URL Reputation | safe
                    http://mail.starmech.net | 0% | Avira URL Cloud | safe
                    http://tempuri.org/DataSet1.xsd | 0% | Avira URL Cloud | safe
                    http://tempuri.org/DataSet1.xsd | 2% | Virustotal |
                    http://mail.starmech.net | 0% | Virustotal |

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    mail.starmech.net | 207.174.215.249 | true | true | | unknown
                    api.ipify.org | 172.67.74.152 | true | false | | high

                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | | high

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://r3.o.lencr.org0 | RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1373558252.00000000010F5000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3773435120.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://api.ipify.org | BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, wpvgIECypA.exe, 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B2C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://account.dyn.com/ | BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, wpvgIECypA.exe, 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://api.ipify.org/t | RegSvcs.exe, 00000009.00000002.1376206083.0000000002F61000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://r3.i.lencr.org/0W | RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1373558252.00000000010F5000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3773435120.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | BARSYL SHIPPING Co (VIETNAM).exe, 00000000.00000002.1335233850.0000000003475000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, wpvgIECypA.exe, 0000000A.00000002.1391661425.0000000002FB5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3759975358.0000000002B2C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://x1.c.lencr.org/0 | RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758104376.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758874259.0000000000EB7000.00000004.00000020.00020000.00000000.sdmp | false
                                • URL Reputation: safe
                                unknown
                                http://x1.i.lencr.org/0RegSvcs.exe, 00000009.00000002.1381456082.0000000006100000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3785470663.00000000094A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758104376.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3772385659.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.3758874259.0000000000EB7000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://mail.starmech.netRegSvcs.exe, 00000009.00000002.1376206083.0000000002FDC000.00000004.00000800.00020000.00000000.sdmpfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                unknown
                                http://tempuri.org/DataSet1.xsdBARSYL SHIPPING Co (VIETNAM).exe, wpvgIECypA.exe.0.drfalse
                                • 2%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
207.174.215.249 | mail.starmech.net | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true
172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1430678
                                Start date and time:2024-04-24 02:41:58 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 10m 53s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:23
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:BARSYL SHIPPING Co (VIETNAM).exe
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@23/19@2/2
                                EGA Information:
                                • Successful, ratio: 66.7%
                                HCA Information:
                                • Successful, ratio: 99%
                                • Number of executed functions: 402
                                • Number of non-executed functions: 20
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target BjTxJte.exe, PID 8524 because it is empty
                                • Execution Graph export aborted for target BjTxJte.exe, PID 8800 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtCreateKey calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
02:42:52 | API Interceptor | 1x Sleep call for process: BARSYL SHIPPING Co (VIETNAM).exe modified
02:42:54 | Task Scheduler | Run new task: wpvgIECypA path: C:\Users\user\AppData\Roaming\wpvgIECypA.exe
02:42:54 | API Interceptor | 53x Sleep call for process: powershell.exe modified
02:42:56 | API Interceptor | 8230528x Sleep call for process: RegSvcs.exe modified
02:42:57 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
02:42:58 | API Interceptor | 1x Sleep call for process: wpvgIECypA.exe modified
02:43:05 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                          Process:C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1415
                                                          Entropy (8bit):5.352427679901606
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRuAE4KzecKIE4oKNzKorE4x84j:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectP
                                                          MD5:3978978DE913FD1C068312697D6E5917
                                                          SHA1:1DABBE7FB8F38F6EBF474CE5F0ECAA89F48E2538
                                                          SHA-256:33B7B1668DDD3AB39711F9F93B667F6F2F674348A79228BFA163BA625B37F120
                                                          SHA-512:78694B97F5D03758F503155E5CE5B85AABDF9690F0DFBC51FCE9926BE2D86BCF99E008659420F1E8489A7F6EA125F2776D4C6DC4B151566B529454512352953D
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"
                                                          Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):142
                                                          Entropy (8bit):5.090621108356562
                                                          Encrypted:false
                                                          SSDEEP:3:QHXMKa/xwwUC7WglAFXMWA2yTMGfsbNRLFS9Am12MFuAvOAsDeieVyn:Q3La/xwczlAFXMWTyAGCDLIP12MUAvvw
                                                          MD5:8C0458BB9EA02D50565175E38D577E35
                                                          SHA1:F0B50702CD6470F3C17D637908F83212FDBDB2F2
                                                          SHA-256:C578E86DB701B9AFA3626E804CF434F9D32272FF59FB32FA9A51835E5A148B53
                                                          SHA-512:804A47494D9A462FFA6F39759480700ECBE5A7F3A15EC3A6330176ED9C04695D2684BF6BF85AB86286D52E7B727436D0BB2E8DA96E20D47740B5CE3F856B5D0F
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                          Process:C:\Users\user\AppData\Roaming\wpvgIECypA.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1415
                                                          Entropy (8bit):5.352427679901606
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRuAE4KzecKIE4oKNzKorE4x84j:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectP
                                                          MD5:3978978DE913FD1C068312697D6E5917
                                                          SHA1:1DABBE7FB8F38F6EBF474CE5F0ECAA89F48E2538
                                                          SHA-256:33B7B1668DDD3AB39711F9F93B667F6F2F674348A79228BFA163BA625B37F120
                                                          SHA-512:78694B97F5D03758F503155E5CE5B85AABDF9690F0DFBC51FCE9926BE2D86BCF99E008659420F1E8489A7F6EA125F2776D4C6DC4B151566B529454512352953D
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):64
                                                          Entropy (8bit):1.1940658735648508
                                                          Encrypted:false
                                                          SSDEEP:3:NlllulJnp/p:NllU
                                                          MD5:BC6DB77EB243BF62DC31267706650173
                                                          SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                          SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                          SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                          Malicious:false
                                                          Preview:@...e.................................X..............@..........
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                          Process:C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe
                                                          File Type:XML 1.0 document, ASCII text
                                                          Category:dropped
                                                          Size (bytes):1569
                                                          Entropy (8bit):5.108118613660259
                                                          Encrypted:false
                                                          SSDEEP:48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuT5Crv:He7XQBBYrFdOFzOz6dKrsuA
                                                          MD5:D9256DA87CDDD325BDDE8CE8821F470F
                                                          SHA1:3EAE7E88D67780BFCFDBFAB8FD31B8FB12DF4236
                                                          SHA-256:8D063894CD635CF5A2851D2DC40B6265A251EEC8D6D8A726D07B68D07ACA4967
                                                          SHA-512:12C26EC0A3114797662ED53FD919A5175BAF7EE3E5D5BAB2C5949A32E8F262704157B63887D660AF2C57A9F0A28B0DF841B33DF073663BC278DF26E113607107
                                                          Malicious:true
                                                          Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f
                                                          Process:C:\Users\user\AppData\Roaming\wpvgIECypA.exe
                                                          File Type:XML 1.0 document, ASCII text
                                                          Category:dropped
                                                          Size (bytes):1569
                                                          Entropy (8bit):5.108118613660259
                                                          Encrypted:false
                                                          SSDEEP:48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuT5Crv:He7XQBBYrFdOFzOz6dKrsuA
                                                          MD5:D9256DA87CDDD325BDDE8CE8821F470F
                                                          SHA1:3EAE7E88D67780BFCFDBFAB8FD31B8FB12DF4236
                                                          SHA-256:8D063894CD635CF5A2851D2DC40B6265A251EEC8D6D8A726D07B68D07ACA4967
                                                          SHA-512:12C26EC0A3114797662ED53FD919A5175BAF7EE3E5D5BAB2C5949A32E8F262704157B63887D660AF2C57A9F0A28B0DF841B33DF073663BC278DF26E113607107
                                                          Malicious:false
                                                          Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f
                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:modified
                                                          Size (bytes):45984
                                                          Entropy (8bit):6.16795797263964
                                                          Encrypted:false
                                                          SSDEEP:768:4BbSoy+SdIBf0k2dsjYg6Iq8S1GYqWH8BR:noOIBf0ddsjY/ZGyc7
                                                          MD5:9D352BC46709F0CB5EC974633A0C3C94
                                                          SHA1:1969771B2F022F9A86D77AC4D4D239BECDF08D07
                                                          SHA-256:2C1EEB7097023C784C2BD040A2005A5070ED6F3A4ABF13929377A9E39FAB1390
                                                          SHA-512:13C714244EC56BEEB202279E4109D59C2A43C3CF29F90A374A751C04FD472B45228CA5A0178F41109ED863DBD34E0879E4A21F5E38AE3D89559C57E6BE990A9B
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          • Antivirus: Virustotal, Detection: 0%
                                                          Joe Sandbox View:
                                                          • Filename: Urgent PO 18-3081 Confirmation.exe, Detection: malicious
                                                          • Filename: CAHKHCM2404009CFS.exe, Detection: malicious
                                                          • Filename: FAR.N_2430-240009934.exe, Detection: malicious
                                                          • Filename: TT copy of the first payment.exe, Detection: malicious
                                                          • Filename: Booking_BK24-000288_19_Apr_2410_52_34 AM.exe, Detection: malicious
                                                          • Filename: charesworh.exe, Detection: malicious
                                                          • Filename: FAR.N_2430-240009934.exe, Detection: malicious
                                                          • Filename: FAR.N#U00b02430-24000993.exe, Detection: malicious
                                                          • Filename: tems.exe, Detection: malicious
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0..d..........V.... ........@.. ..............................s.....`.....................................O.......8............r...A.......................................................... ............... ..H............text...\c... ...d.................. ..`.rsrc...8............f..............@..@.reloc...............p..............@..B................8.......H........+...S..........|...P...........................................r...p(....*2.(....(....*z..r...p(....(....(......}....*..{....*.s.........*.0..{...........Q.-.s.....+i~....o....(.....s.......o.....r!..p..(....Q.P,:.P.....(....o....o ........(....o!...o".....,..o#...t......*..0..(....... ....s$........o%....X..(....-..*.o&...*.0...........('......&.....*.*...................0...........(.......&.....*.................0............(.....(....~....,.(....~....o....9]...
                                                          Process:C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):685056
                                                          Entropy (8bit):7.9372707633391295
                                                          Encrypted:false
                                                          SSDEEP:12288:x4WzE3RYDR05N+rTd2/6pjhHyKj1jb9WKhsq9Q/V8pekTGzd2S96QKNe:1WR03BAWj0Kj17YV8petwsK
                                                          MD5:5385333A8618DAC516B8B33B0BBF11A1
                                                          SHA1:3A1171327ABE7AEFEB85914AFAE6EC6C8BFBE6E0
                                                          SHA-256:6C06C665C435CF95787310F59E984006711D50BF091AE610CB4440ABAE1448C4
                                                          SHA-512:0392FD0FC5F79B8C19655D279E882BF7CD83A4D841D1BF1F1845997396368734866F47D06C19FA0DA48ECC305D2113611F65153E07FF6AAE0C99A8137E9E3CEA
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 54%
                                                          • Antivirus: Virustotal, Detection: 34%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v.'f.................j.............. ........@.. ....................................@.................................t...W.................................................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............r..............@..B........................H.......x/...X......E....................................................0..A....... .........%.R...(.....S... .........%.[...(.....\...(F...*.....&*....0..P.........}.....(.......(.....+..(............s......(.....o....+...(.....o......(.....*.0..[.........}........(......+....(......,7...(............s......(.....o....+...(.....o.....8.....r...p.....(....o....t........(.........+...9.....s.........s....s....o........o....(....+.....o....(........o....(....+.....o....(......
                                                          Process:C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):26
                                                          Entropy (8bit):3.95006375643621
                                                          Encrypted:false
                                                          SSDEEP:3:ggPYV:rPYV
                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                          Malicious:false
                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                          Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1141
                                                          Entropy (8bit):4.442398121585593
                                                          Encrypted:false
                                                          SSDEEP:24:zKLXkhDObntKlglUEnfQtvNuNpKOK5aM9YJC:zKL0hDQntKKH1MqJC
                                                          MD5:6FB4D27A716A8851BC0505666E7C7A10
                                                          SHA1:AD2A232C6E709223532C4D1AB892303273D8C814
                                                          SHA-256:1DC36F296CE49BDF1D560B527DB06E1E9791C10263459A67EACE706C6DDCDEAE
                                                          SHA-512:3192095C68C6B7AD94212B7BCA0563F2058BCE00C0C439B90F0E96EA2F029A37C2F2B69487591B494C1BA54697FE891E214582E392127CB8C90AB682E0D81ADB
                                                          Malicious:false
                                                          Preview:Microsoft (R) .NET Framework Services Installation Utility Version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....USAGE: regsvcs.exe [options] AssemblyName..Options:.. /? or /help Display this usage message... /fc Find or create target application (default)... /c Create target application, error if it already exists... /exapp Expect an existing application... /tlb:<tlbfile> Filename for the exported type library... /appname:<name> Use the specified name for the target application... /parname:<name> Use the specified name or id for the target partition... /extlb Use an existing type library... /reconfig Reconfigure existing target application (default)... /noreconfig Don't reconfigure existing target application... /u Uninstall target application... /nologo Suppress logo output... /quiet Suppress logo output and success output... /c
                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):7.9372707633391295
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          • DOS Executable Generic (2002/1) 0.01%
                                                          File name:BARSYL SHIPPING Co (VIETNAM).exe
                                                          File size:685'056 bytes
                                                          MD5:5385333a8618dac516b8b33b0bbf11a1
                                                          SHA1:3a1171327abe7aefeb85914afae6ec6c8bfbe6e0
                                                          SHA256:6c06c665c435cf95787310f59e984006711d50bf091ae610cb4440abae1448c4
                                                          SHA512:0392fd0fc5f79b8c19655d279e882bf7cd83a4d841d1bf1f1845997396368734866f47d06c19fa0da48ecc305d2113611f65153e07ff6aae0c99a8137e9e3cea
                                                          SSDEEP:12288:x4WzE3RYDR05N+rTd2/6pjhHyKj1jb9WKhsq9Q/V8pekTGzd2S96QKNe:1WR03BAWj0Kj17YV8petwsK
                                                          TLSH:A8E4131033AD9B0BE67DE3391532182517F379A6F576E69B8FC280C959A2BD4C711323
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v.'f.................j............... ........@.. ....................................@................................
                                                          Icon Hash:90cececece8e8eb0
                                                          Entrypoint:0x4a88ce
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x66279D76 [Tue Apr 23 11:37:26 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                          Instruction
                                                          jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa8874 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x600 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa68d4 | 0xa6a00 | 68b4ed7bce0ad1abc2bad70e9d74ac02 | False | 0.9577316204051013 | data | 7.943943023810395 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xaa000 | 0x600 | 0x600 | 722202f277ec404c561e2f7d3f77f457 | False | 0.423828125 | data | 4.1103433280572625 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xac000 | 0xc | 0x200 | e4117dd7e7f979e3827b5b8db1e522d3 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xaa090 | 0x32c | data | | | 0.42610837438423643
RT_MANIFEST | 0xaa3cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Apr 24, 2024 02:44:44.781860113 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.781898022 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.781941891 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.803720951 CEST58749720207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.804371119 CEST49720587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:44.805784941 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:44.823195934 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.823213100 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.823224068 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.823235989 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.958750963 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.958772898 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.959297895 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.959355116 CEST49719587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:44.960283041 CEST58749719207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.960338116 CEST49719587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:44.986841917 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:44.986938000 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:45.201580048 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:45.201790094 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:45.383179903 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:45.383475065 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:45.566278934 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:45.572521925 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:45.760921001 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:45.760941029 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:45.760953903 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:45.761044025 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:45.764523029 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:45.946108103 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:45.947633982 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:46.129039049 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:46.130467892 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:46.312113047 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:46.312484026 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:46.494941950 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:46.495126009 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:46.676377058 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:46.676635027 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:46.897876978 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:46.898576975 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:46.898768902 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.080136061 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.080210924 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.080497980 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.080549002 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.080584049 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.080634117 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.081881046 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.261924982 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.261940956 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.261991978 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.262010098 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.262022972 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.262061119 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.262878895 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.262936115 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.262993097 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.263051033 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.263227940 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.263279915 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.263298988 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.263346910 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.303910017 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.303980112 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.443248034 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.443367004 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.444001913 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.444060087 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.444216967 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.444263935 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.444370031 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.444408894 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.444514990 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.444554090 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.444631100 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.444678068 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.444739103 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.444775105 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.444968939 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.445019007 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.485130072 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.485193968 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.526016951 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.527780056 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.624737024 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.624831915 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625085115 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625134945 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625293970 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625340939 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:47.625480890 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625607014 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625749111 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625888109 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.625952005 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626014948 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626079082 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626126051 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626177073 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626229048 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626302004 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626321077 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626389027 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626436949 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626621962 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626698017 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626754999 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.626766920 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.666285038 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.666306973 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.666318893 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.666357994 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.708944082 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.708965063 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.806894064 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.806932926 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.806943893 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.807275057 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:47.860552073 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:51.018532991 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:51.199917078 CEST58749721207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:51.200655937 CEST49721587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:51.201457977 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:51.383029938 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:51.383104086 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:51.650919914 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:51.652545929 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:51.834326029 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:51.834520102 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:52.018848896 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.019671917 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:52.208059072 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.208141088 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.208234072 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.208264112 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:52.210587978 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:52.396621943 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.402585030 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:52.588629961 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.588948011 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:52.770610094 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.771517992 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:52.953963995 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:52.954135895 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.135474920 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.135710955 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.346139908 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.346838951 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.528388977 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.530940056 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.530940056 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.531039953 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.531039953 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.536596060 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.712413073 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.712443113 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.712459087 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.712474108 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.712505102 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.712622881 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.717828989 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.717870951 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.717886925 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.717911959 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.718027115 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.718029976 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.718180895 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.759032965 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.759227037 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.893809080 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.897049904 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.899193048 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.899441004 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.899473906 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.899540901 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.899554014 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.899565935 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.899714947 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.899830103 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.899835110 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.899944067 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.899956942 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.900038004 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.940757990 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.944633961 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:53.980912924 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:53.983659029 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:54.078552008 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.078670979 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.079272032 CEST49722587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:44:54.080944061 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.081151962 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.081322908 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.081545115 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.081846952 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.081971884 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.082097054 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.082207918 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.082299948 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.082341909 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.082431078 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.082463980 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.083467960 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.083529949 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.083563089 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.083725929 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.083796978 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.084024906 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.084124088 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.084156990 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.084208012 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.084357977 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.126090050 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:44:54.126149893 CEST58749722207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:14.758038998 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:14.758121967 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:14.964283943 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:14.964447021 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:15.143019915 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:15.143179893 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:15.322720051 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:15.323296070 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:15.508749008 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:15.508769989 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:15.508785009 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:15.508856058 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:15.512618065 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:15.691355944 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:15.696719885 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:15.875350952 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:15.880702972 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.059686899 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.060910940 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.240472078 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.240900993 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.419790983 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.421444893 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.627607107 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.627898932 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.806375980 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.806736946 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.806936979 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.807008028 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.807085991 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.814109087 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.985132933 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.985171080 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.985224009 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.985259056 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.985265970 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.985311031 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.992369890 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.992496967 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.992530107 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.992563009 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:16.992563963 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.992597103 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:16.992635012 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.032996893 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.033212900 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.163578987 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.163738966 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.170895100 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.171001911 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.171138048 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.171216011 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.171231985 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.171248913 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.171255112 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.171267986 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.171314955 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.171488047 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.171550035 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.211507082 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.211585045 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.257006884 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.342080116 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.342104912 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.342158079 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.349251986 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.349370003 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.349405050 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.349709988 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.349742889 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.349838018 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.349912882 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.349982977 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350018024 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350145102 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350239038 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350272894 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350307941 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350338936 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350370884 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350403070 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350435019 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350616932 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350682020 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.350742102 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.390008926 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.390033007 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.438004017 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.438081980 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.520751953 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.520776987 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.521162033 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.521225929 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.521841049 CEST58749728207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.521883011 CEST49728587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.670512915 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.670779943 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:17.851830006 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:17.852488041 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:18.034317017 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.034848928 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:18.222646952 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.222675085 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.222712040 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.222810984 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:18.228707075 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:18.409883022 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.419970989 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:18.601212978 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.601571083 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:18.782836914 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.783152103 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:18.965166092 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:18.965604067 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.146709919 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.147088051 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.366256952 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.366491079 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.547437906 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.547805071 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.547852039 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.547909975 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.547969103 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.549379110 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.677845955 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.728732109 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.728774071 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.728790998 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.728827953 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.728902102 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.730216980 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.730412006 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.730451107 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.730499029 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.730655909 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.730771065 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.771979094 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.774823904 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.859153986 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.859378099 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.909946918 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.911179066 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.911289930 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.911604881 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.911643028 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.911824942 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.911997080 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.912812948 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:19.955766916 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:19.955868006 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.067881107 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.070954084 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.092168093 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092202902 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092222929 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092284918 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092431068 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092696905 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092717886 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092770100 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092808008 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.092952967 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093008995 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093116999 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093200922 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093220949 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093337059 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093400002 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093471050 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093592882 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093636036 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093655109 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093683004 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093722105 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.093767881 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.137294054 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.137975931 CEST58749729207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.139873981 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.139873981 CEST49729587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.252415895 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.253015041 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.435167074 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.436060905 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.624531031 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.624557972 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.624576092 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.624608040 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.627491951 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.808799982 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.814008951 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:20.995281935 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:20.995543957 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.177073956 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:21.177382946 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.359627008 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:21.359954119 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.541197062 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:21.541507006 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.751048088 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:21.752952099 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.934241056 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:21.934848070 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.934848070 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.934940100 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.934940100 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:21.936759949 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:22.115989923 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:22.116049051 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:22.116082907 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:22.116092920 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:22.116134882 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:22.116568089 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:22.117707014 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:22.117814064 CEST58749730207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:22.117830038 CEST49730587192.168.2.10207.174.215.249
                                                          Apr 24, 2024 02:45:30.981183052 CEST58749734207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:30.981288910 CEST58749734207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:30.981352091 CEST58749734207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:31.118206024 CEST58749734207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:31.118232012 CEST58749734207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:31.118244886 CEST58749734207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:31.118700981 CEST58749734207.174.215.249192.168.2.10
                                                          Apr 24, 2024 02:45:31.168684006 CEST49734587192.168.2.10207.174.215.249
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 24, 2024 02:42:55.226752996 CEST | 59691 | 53 | 192.168.2.10 | 1.1.1.1
Apr 24, 2024 02:42:55.380757093 CEST | 53 | 59691 | 1.1.1.1 | 192.168.2.10
Apr 24, 2024 02:42:56.986483097 CEST | 52616 | 53 | 192.168.2.10 | 1.1.1.1
Apr 24, 2024 02:42:57.262983084 CEST | 53 | 52616 | 1.1.1.1 | 192.168.2.10

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 24, 2024 02:42:55.226752996 CEST | 192.168.2.10 | 1.1.1.1 | 0x53ac | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Apr 24, 2024 02:42:56.986483097 CEST | 192.168.2.10 | 1.1.1.1 | 0x72ab | Standard query (0) | mail.starmech.net | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 24, 2024 02:42:55.380757093 CEST | 1.1.1.1 | 192.168.2.10 | 0x53ac | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 02:42:55.380757093 CEST | 1.1.1.1 | 192.168.2.10 | 0x53ac | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 02:42:55.380757093 CEST | 1.1.1.1 | 192.168.2.10 | 0x53ac | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 02:42:57.262983084 CEST | 1.1.1.1 | 192.168.2.10 | 0x72ab | No error (0) | mail.starmech.net | | 207.174.215.249 | A (IP address) | IN (0x0001) | false

                                                          • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49708 | 172.67.74.152 | 443 | 1384 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-24 00:42:55 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-24 00:42:56 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 00:42:56 GMT
Content-Type: text/plain
Content-Length: 13
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87920e64190b2f5c-LAX
2024-04-24 00:42:56 UTC | 13 | IN | Data Raw: 31 35 34 2e 31 36 2e 31 30 35 2e 33 36
Data Ascii: 154.16.105.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49712 | 172.67.74.152 | 443 | 8408 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-24 00:43:00 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-24 00:43:01 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 00:43:01 GMT
Content-Type: text/plain
Content-Length: 13
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87920e841aa57bf5-LAX
2024-04-24 00:43:01 UTC | 13 | IN | Data Raw: 31 35 34 2e 31 36 2e 31 30 35 2e 33 36
Data Ascii: 154.16.105.36


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Apr 24, 2024 02:42:57.780986071 CEST | 587 | 49709 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:12:57 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:42:57.785701990 CEST | 49709 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:42:57.969101906 CEST | 587 | 49709 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:42:57.969310045 CEST | 49709 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:42:58.153434992 CEST | 587 | 49709 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:43:02.578917980 CEST | 587 | 49713 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:13:02 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:43:02.579199076 CEST | 49713 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:43:02.760620117 CEST | 587 | 49713 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:43:02.760807991 CEST | 49713 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:43:02.943286896 CEST | 587 | 49713 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:44:42.264837980 CEST | 587 | 49719 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:14:42 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:44:42.264998913 CEST | 49719 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:44:42.396311045 CEST | 587 | 49720 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:14:42 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:44:42.396644115 CEST | 49720 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:44:42.446244001 CEST | 587 | 49719 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:44:42.446475029 CEST | 49719 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:44:42.577734947 CEST | 587 | 49720 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:44:42.577872038 CEST | 49720 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:44:42.628575087 CEST | 587 | 49719 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:44:42.759677887 CEST | 587 | 49720 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:44:44.959297895 CEST | 587 | 49719 | 207.174.215.249 | 192.168.2.10 | 421 Lost incoming connection
Apr 24, 2024 02:44:45.201580048 CEST | 587 | 49721 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:14:45 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:44:45.201790094 CEST | 49721 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:44:45.383179903 CEST | 587 | 49721 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:44:45.383475065 CEST | 49721 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:44:45.566278934 CEST | 587 | 49721 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:44:51.650919914 CEST | 587 | 49722 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:14:51 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:44:51.652545929 CEST | 49722 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:44:51.834326029 CEST | 587 | 49722 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:44:51.834520102 CEST | 49722 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:44:52.018848896 CEST | 587 | 49722 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:44:57.700377941 CEST | 587 | 49723 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:14:57 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:44:57.706568003 CEST | 49723 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:44:57.888022900 CEST | 587 | 49723 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:44:57.895168066 CEST | 49723 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:44:58.077037096 CEST | 587 | 49723 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:05.121305943 CEST | 587 | 49724 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:05 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:05.121463060 CEST | 49724 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:05.302886009 CEST | 587 | 49724 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:05.303024054 CEST | 49724 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:05.485203028 CEST | 587 | 49724 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:06.133990049 CEST | 587 | 49724 | 207.174.215.249 | 192.168.2.10 | 421 md-35.webhostbox.net lost input connection
Apr 24, 2024 02:45:06.542368889 CEST | 587 | 49725 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:06 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:06.542551041 CEST | 49725 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:06.724222898 CEST | 587 | 49725 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:06.724844933 CEST | 49725 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:06.906877995 CEST | 587 | 49725 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:12.453564882 CEST | 587 | 49726 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:12 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:12.453774929 CEST | 49726 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:12.635219097 CEST | 587 | 49726 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:12.636392117 CEST | 49726 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:12.818665028 CEST | 587 | 49726 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:13.537600994 CEST | 587 | 49726 | 207.174.215.249 | 192.168.2.10 | 421 md-35.webhostbox.net lost input connection
Apr 24, 2024 02:45:13.885320902 CEST | 587 | 49727 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:13 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:13.886836052 CEST | 49727 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:14.068325043 CEST | 587 | 49727 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:14.068545103 CEST | 49727 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:14.251041889 CEST | 587 | 49727 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:14.692760944 CEST | 587 | 49727 | 207.174.215.249 | 192.168.2.10 | 421 md-35.webhostbox.net lost input connection
Apr 24, 2024 02:45:14.964283943 CEST | 587 | 49728 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:14 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:14.964447021 CEST | 49728 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:15.143019915 CEST | 587 | 49728 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:15.143179893 CEST | 49728 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:15.322720051 CEST | 587 | 49728 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:17.521162033 CEST | 587 | 49728 | 207.174.215.249 | 192.168.2.10 | 421 Lost incoming connection
Apr 24, 2024 02:45:17.670512915 CEST | 587 | 49729 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:17 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:17.670779943 CEST | 49729 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:17.851830006 CEST | 587 | 49729 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:17.852488041 CEST | 49729 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:18.034317017 CEST | 587 | 49729 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:20.067881107 CEST | 587 | 49730 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:19 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:20.070954084 CEST | 49730 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:20.137294054 CEST | 587 | 49729 | 207.174.215.249 | 192.168.2.10 | 421 Lost incoming connection
Apr 24, 2024 02:45:20.252415895 CEST | 587 | 49730 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:20.253015041 CEST | 49730 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:20.435167074 CEST | 587 | 49730 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:26.599258900 CEST | 587 | 49731 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:26 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:26.676393986 CEST | 587 | 49731 | 207.174.215.249 | 192.168.2.10 | 421 md-35.webhostbox.net lost input connection
Apr 24, 2024 02:45:26.714258909 CEST | 587 | 49732 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:26 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:26.714375973 CEST | 49732 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:26.895464897 CEST | 587 | 49732 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 24, 2024 02:45:26.895682096 CEST | 49732 | 587 | 192.168.2.10 | 207.174.215.249 | STARTTLS
Apr 24, 2024 02:45:26.937357903 CEST | 587 | 49733 | 207.174.215.249 | 192.168.2.10 | 220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:26 +0530
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 24, 2024 02:45:26.937469959 CEST | 49733 | 587 | 192.168.2.10 | 207.174.215.249 | EHLO 965543
Apr 24, 2024 02:45:27.077620983 CEST | 587 | 49732 | 207.174.215.249 | 192.168.2.10 | 220 TLS go ahead
Apr 24, 2024 02:45:27.118562937 CEST | 587 | 49733 | 207.174.215.249 | 192.168.2.10 | 250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
                                                          250-SIZE 52428800
                                                          250-8BITMIME
                                                          250-PIPELINING
                                                          250-PIPECONNECT
                                                          250-AUTH PLAIN LOGIN
                                                          250-STARTTLS
                                                          250 HELP
                                                          Apr 24, 2024 02:45:27.118720055 CEST49733587192.168.2.10207.174.215.249STARTTLS
                                                          Apr 24, 2024 02:45:27.298105955 CEST58749733207.174.215.249192.168.2.10220 TLS go ahead
                                                          Apr 24, 2024 02:45:28.223059893 CEST58749733207.174.215.249192.168.2.10421 md-35.webhostbox.net lost input connection
                                                          Apr 24, 2024 02:45:28.514308929 CEST58749734207.174.215.249192.168.2.10220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Wed, 24 Apr 2024 06:15:28 +0530
                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                          220 and/or bulk e-mail.
                                                          Apr 24, 2024 02:45:28.514502048 CEST49734587192.168.2.10207.174.215.249EHLO 965543
                                                          Apr 24, 2024 02:45:28.695862055 CEST58749734207.174.215.249192.168.2.10250-md-35.webhostbox.net Hello 965543 [154.16.105.36]
                                                          250-SIZE 52428800
                                                          250-8BITMIME
                                                          250-PIPELINING
                                                          250-PIPECONNECT
                                                          250-AUTH PLAIN LOGIN
                                                          250-STARTTLS
                                                          250 HELP
                                                          Apr 24, 2024 02:45:28.696031094 CEST49734587192.168.2.10207.174.215.249STARTTLS
                                                          Apr 24, 2024 02:45:28.878372908 CEST58749734207.174.215.249192.168.2.10220 TLS go ahead

                                                          Target ID:0
                                                          Start time:02:42:51
                                                          Start date:24/04/2024
                                                          Path:C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe"
                                                          Imagebase:0xd80000
                                                          File size:685'056 bytes
                                                          MD5 hash:5385333A8618DAC516B8B33B0BBF11A1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1339206516.0000000004F89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:3
                                                          Start time:02:42:52
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BARSYL SHIPPING Co (VIETNAM).exe"
                                                          Imagebase:0x3b0000
                                                          File size:433'152 bytes
                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:02:42:53
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff620390000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:02:42:53
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wpvgIECypA.exe"
                                                          Imagebase:0x3b0000
                                                          File size:433'152 bytes
                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:6
                                                          Start time:02:42:53
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff620390000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:7
                                                          Start time:02:42:53
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp6A32.tmp"
                                                          Imagebase:0xa60000
                                                          File size:187'904 bytes
                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:8
                                                          Start time:02:42:53
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff620390000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:9
                                                          Start time:02:42:53
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                          Imagebase:0x9f0000
                                                          File size:45'984 bytes
                                                          MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.1376206083.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1376206083.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.1376206083.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.1376206083.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.1370919411.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:10
                                                          Start time:02:42:54
                                                          Start date:24/04/2024
                                                          Path:C:\Users\user\AppData\Roaming\wpvgIECypA.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Roaming\wpvgIECypA.exe
                                                          Imagebase:0x9a0000
                                                          File size:685'056 bytes
                                                          MD5 hash:5385333A8618DAC516B8B33B0BBF11A1
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.1396381178.0000000004AC9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 54%, ReversingLabs
                                                          • Detection: 34%, Virustotal, Browse
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:11
                                                          Start time:02:42:56
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                          Imagebase:0x7ff6616b0000
                                                          File size:496'640 bytes
                                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                          Has elevated privileges:true
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:12
                                                          Start time:02:42:59
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wpvgIECypA" /XML "C:\Users\user\AppData\Local\Temp\tmp80E7.tmp"
                                                          Imagebase:0xa60000
                                                          File size:187'904 bytes
                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:13
                                                          Start time:02:42:59
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff620390000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:14
                                                          Start time:02:42:59
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                          Imagebase:0x7b0000
                                                          File size:45'984 bytes
                                                          MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3759975358.0000000002B6B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:15
                                                          Start time:02:43:05
                                                          Start date:24/04/2024
                                                          Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                          Imagebase:0xbc0000
                                                          File size:45'984 bytes
                                                          MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs
                                                          • Detection: 0%, Virustotal, Browse
                                                          Has exited:true

                                                          Target ID:16
                                                          Start time:02:43:05
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff620390000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:18
                                                          Start time:02:43:14
                                                          Start date:24/04/2024
                                                          Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                          Imagebase:0x5e0000
                                                          File size:45'984 bytes
                                                          MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                          Target ID:19
                                                          Start time:02:43:14
                                                          Start date:24/04/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff620390000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Has exited:true

                                                            Execution Graph

                                                            Execution Coverage:12.4%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:187
                                                            Total number of Limit Nodes:9

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7Z/t$RWIK$[[bb
                                                            • API String ID: 0-1157992699
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: tIh
                                                            • API String ID: 0-443931868
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: tIh
                                                            • API String ID: 0-443931868
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: tIh
                                                            • API String ID: 0-443931868
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: )"
                                                            • API String ID: 0-4237191880
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: )"
                                                            • API String ID: 0-4237191880
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 0164D5FE
                                                            • GetCurrentThread.KERNEL32 ref: 0164D63B
                                                            • GetCurrentProcess.KERNEL32 ref: 0164D678
                                                            • GetCurrentThreadId.KERNEL32 ref: 0164D6D1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 0164D5FE
                                                            • GetCurrentThread.KERNEL32 ref: 0164D63B
                                                            • GetCurrentProcess.KERNEL32 ref: 0164D678
                                                            • GetCurrentThreadId.KERNEL32 ref: 0164D6D1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 4a4122375a2896ded44b2acd3a1f1119fea759551477304c862bd61a8e871a80
                                                            • Instruction ID: 54356527c981d752195ab8bd4a9cb454be2b6f2470bdcab38ade09c1b3aa62b3
                                                            • Opcode Fuzzy Hash: 4a4122375a2896ded44b2acd3a1f1119fea759551477304c862bd61a8e871a80
                                                            • Instruction Fuzzy Hash: 0B5164B0D013098FDB14DFA9D988B9EBBF5EB88304F208419E509A7360D739A845CF66
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$ fq$ fq
                                                            • API String ID: 0-2888945447
                                                            • Opcode ID: 4217a1e9ad1598231cd82441d5bd7d8a6933a2dad90c76b8e711684f198a00c3
                                                            • Instruction ID: 2cf03f892ceef565c25ef92a39b2bd106fdd7d90d0b5bd0493c9522a829c519e
                                                            • Opcode Fuzzy Hash: 4217a1e9ad1598231cd82441d5bd7d8a6933a2dad90c76b8e711684f198a00c3
                                                            • Instruction Fuzzy Hash: 18B14CB1E1021DCFDB24CB94C844BADB7B2BB95314F648059E602EB395DB78AC81CF95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 3H5$3H5
                                                            • API String ID: 0-2752242361
                                                            • Opcode ID: 1e37e7224deba6479fce304800296489b206895821363243a01d3677f95e00ee
                                                            • Instruction ID: 4efdf4f8533d383c42dadad976c31ae5fb7562a470aa02b023d17cefc0bf78ba
                                                            • Opcode Fuzzy Hash: 1e37e7224deba6479fce304800296489b206895821363243a01d3677f95e00ee
                                                            • Instruction Fuzzy Hash: F5210AB0E14209DFDB04CFA9D540AAEBBB1FF9A300F14C5AAC508E7254E7349A45CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 01877E9E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID:
                                                            • API String ID: 963392458-0
                                                            • Opcode ID: 3726894391247f6577419ae4d394b1109d78c45d85b13b7ebb8040fba6d274fc
                                                            • Instruction ID: 431430b82dbea363a12330437d2622226bf51c6f26471cf7f4ab98c9af00fdc4
                                                            • Opcode Fuzzy Hash: 3726894391247f6577419ae4d394b1109d78c45d85b13b7ebb8040fba6d274fc
                                                            • Instruction Fuzzy Hash: 79B15A71D00359CFEB20DFA8C844BEEBBB2BF48314F148569D859A7280DB749A85CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 01877E9E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID:
                                                            • API String ID: 963392458-0
                                                            • Opcode ID: 97eb075121de5843f69b7381de079547e1f1f440dafd37e2f15b918c5a763b49
                                                            • Instruction ID: 1b04ae4a2ed75e54352f525dd0936d43d062312fb8d70abec2d07606b31e7ef3
                                                            • Opcode Fuzzy Hash: 97eb075121de5843f69b7381de079547e1f1f440dafd37e2f15b918c5a763b49
                                                            • Instruction Fuzzy Hash: E7914B71D00759DFEB24DFA8C844BEDBBB2BB48314F148569D808E7284DB749A85CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0164B55E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 8c8ca4e4391f7d83261c760292d0346d6a8a595424c25acc1740cbaeeb0fa6df
                                                            • Instruction ID: 318c2faf2e9b304162691ffc3c3e6a60e9e1b00c0d41f4ddd3dd71b98ff8ac6b
                                                            • Opcode Fuzzy Hash: 8c8ca4e4391f7d83261c760292d0346d6a8a595424c25acc1740cbaeeb0fa6df
                                                            • Instruction Fuzzy Hash: CC815470A00B058FE725DF6AD84479ABBF1FF88204F008A2DD48AD7B50E774E946CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 01646131
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: f78b111a7456f1c1fad688a6734f708dd9a72bd5ed98b1db73a56c3c2ba5a730
                                                            • Instruction ID: a344cd9be0c215bb8a34bdd3807f455d4076b44c7a9fdceb06f7a4a12a2a2262
                                                            • Opcode Fuzzy Hash: f78b111a7456f1c1fad688a6734f708dd9a72bd5ed98b1db73a56c3c2ba5a730
                                                            • Instruction Fuzzy Hash: 6641E1B0C01719CFEB24CFA9C884BCDBBB1BF49304F20816AD518AB255D7756946CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 01646131
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: 2eeddd7c2269397c16d1d503e29267573e3cc886b3e6ed251a84d82331cdd5e2
                                                            • Instruction ID: 68eafe156c370c614993fb88153323ca8e34f84c1d5d78d3186c3024643b64d4
                                                            • Opcode Fuzzy Hash: 2eeddd7c2269397c16d1d503e29267573e3cc886b3e6ed251a84d82331cdd5e2
                                                            • Instruction Fuzzy Hash: 6241CF70C01718CFEB24CFA9C884BCDBBB5BF49304F20806AD518AB255D7B9694ACF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 01877A70
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            • Opcode ID: 8bbf07124eab6046eff6b6ab055c860d0ee14b177e6b58d88fc91e40f17a1ec9
                                                            • Instruction ID: dd64cc08371937ed7efbdf94c9b5b364154609e563850500116ccf8793c0f436
                                                            • Opcode Fuzzy Hash: 8bbf07124eab6046eff6b6ab055c860d0ee14b177e6b58d88fc91e40f17a1ec9
                                                            • Instruction Fuzzy Hash: 4C2148719003499FDB10DFA9C884BEEBBF5FF48310F14842AE959A7240D7789A55CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 01877A70
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            • Opcode ID: ef3e34ad93c32e889ab24ae98d31e42a6351c179670184f04486f638f715c2d1
                                                            • Instruction ID: 1a960c3b76d3b79b8a391917ded3c812fd0945a7e55a7ee83c42bb95fa9b5444
                                                            • Opcode Fuzzy Hash: ef3e34ad93c32e889ab24ae98d31e42a6351c179670184f04486f638f715c2d1
                                                            • Instruction Fuzzy Hash: 16212771D003499FEB10DFAAC885BDEBBF5FF48310F10842AE918A7240D7789A55CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01877B50
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessRead
                                                            • String ID:
                                                            • API String ID: 1726664587-0
                                                            • Opcode ID: 59b415130477817747cb7a2144fcb4d6c97530b30dd18101a3d91c01bae44518
                                                            • Instruction ID: 246f855baee1051477dcfc72a3c63bc83e4bd950300614efaf70faaea787c969
                                                            • Opcode Fuzzy Hash: 59b415130477817747cb7a2144fcb4d6c97530b30dd18101a3d91c01bae44518
                                                            • Instruction Fuzzy Hash: 672127B1C013599FDB10CFA9C880BEEBBF1FF48310F10842AE559A7250C7389945CB60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0187748E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID:
                                                            • API String ID: 983334009-0
                                                            • Opcode ID: 33782f8a92ad975fa19f3bfae62d9353bb460d5c943a112e22525bc09e227e53
                                                            • Instruction ID: cbc5e331866830fddc0dc6211948aae5a1fabd96a28f413926923d6ddcbbfa57
                                                            • Opcode Fuzzy Hash: 33782f8a92ad975fa19f3bfae62d9353bb460d5c943a112e22525bc09e227e53
                                                            • Instruction Fuzzy Hash: D12148719003088FDB20CFAAC4847EEBBF4EF48314F14842AD559A7241CB789945CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164DC57
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01877B50
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessRead
                                                            • String ID:
                                                            • API String ID: 1726664587-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0187748E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID:
                                                            • API String ID: 983334009-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164DC57
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0187798E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0164B5D9,00000800,00000000,00000000), ref: 0164B7CA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0164B5D9,00000800,00000000,00000000), ref: 0164B7CA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0187798E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0164B55E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0187C625
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0187C625
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1334294542.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1870000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: O};5
                                                            • API String ID: 0-3558557551
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: O};5
                                                            • API String ID: 0-3558557551
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: H+R
                                                            • API String ID: 0-1892171737
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: H+R
                                                            • API String ID: 0-1892171737
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: u=B
                                                            • API String ID: 0-1598102443
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eafa0a7ae26817264b68ecd5af700ce1ea3d72363b2f1dd44c82c27bd0d4ddbb
                                                            • Instruction ID: f46bddc4cbbcdf7386ae3f941a87f874de9a710e77dbf5dc3a0b31110765f764
                                                            • Opcode Fuzzy Hash: eafa0a7ae26817264b68ecd5af700ce1ea3d72363b2f1dd44c82c27bd0d4ddbb
                                                            • Instruction Fuzzy Hash: D6F1B5B0B10209DFEB149B65C8557BE77B2FB99754F108029E602EB3C6EA798C41CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 34ee90f67e76256c871a76f756b4f374ec7460196218ab1c4416503fdf61b033
                                                            • Instruction ID: faf1b8495f7149d5dec1598bd00d23eff36a846ccfc71186faedac6a47168386
                                                            • Opcode Fuzzy Hash: 34ee90f67e76256c871a76f756b4f374ec7460196218ab1c4416503fdf61b033
                                                            • Instruction Fuzzy Hash: 2C81B3B0B00208DFEB149F65D8597BD77B2BF99755F108069E602EB386EBB58C40CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 457de9e69c3bce20bf264601f9db813c07e3fa0037f5ca35160d5310c8461c30
                                                            • Instruction ID: f6b662fce7c382c64ddf2ef7e50de15103d7cd1a3e5ecaf687147e46d1a9733b
                                                            • Opcode Fuzzy Hash: 457de9e69c3bce20bf264601f9db813c07e3fa0037f5ca35160d5310c8461c30
                                                            • Instruction Fuzzy Hash: B071A470B002199FDB04CB99E864BBE7BB2FF95305F14806AE755DB381DB748941CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cf3d451f84a45d552353380688a432917cc52dd5025766849b6ec36756075678
                                                            • Instruction ID: ff9dd5bf60c33cc0db959ef5bce3fadbda849fca5e553a4ba92f6248de9060e2
                                                            • Opcode Fuzzy Hash: cf3d451f84a45d552353380688a432917cc52dd5025766849b6ec36756075678
                                                            • Instruction Fuzzy Hash: 7E61B5B0B00308DFEB14DB65C8557AD77B2BF98755F10C069E602EB386DAB58D41CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a13afae42a2c8cc66be396debd60dcf9a1247cd3dcbbb6f344274ae3ca5a6c76
                                                            • Instruction ID: c3478c23bcd9e9ec20ae360ec69ee382f3cb3a31ba7bc7a5d83efc7029fdc5df
                                                            • Opcode Fuzzy Hash: a13afae42a2c8cc66be396debd60dcf9a1247cd3dcbbb6f344274ae3ca5a6c76
                                                            • Instruction Fuzzy Hash: AF7118B5A00619DFCB14DFA9C854A9DBBF1FF48314F108169EA09AB361DB70AD45CF80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e60ae5ef82d62ea67208cd6771276ea4fb28527ad95bc0eb8d34c40db500eead
                                                            • Instruction ID: c6f1a99db450c4d8a1c1356a5e69d644cbce11ce3ec898d857f8bcc7ab08930b
                                                            • Opcode Fuzzy Hash: e60ae5ef82d62ea67208cd6771276ea4fb28527ad95bc0eb8d34c40db500eead
                                                            • Instruction Fuzzy Hash: 9661A370B002199FEB04CBA9E425BBE77B2BF85305F24C066E755DB385DB748941CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f2f9e3eb24e9a15a71ea09b4ef5ed82334e2d074bc7d691a3913ee4625a96e32
                                                            • Instruction ID: c1075396f6a589b447487cb84757172a3c0fb7a5e9c52b218089baa579221902
                                                            • Opcode Fuzzy Hash: f2f9e3eb24e9a15a71ea09b4ef5ed82334e2d074bc7d691a3913ee4625a96e32
                                                            • Instruction Fuzzy Hash: AB51D2B1B002068FCB15DB79C8489AEBBF6FFC8320B148529E519DB391DB34DD058B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0fbf919baa0249bdd9c8c890cc40b12906f8c24068140910ba36c4ccb1594fc4
                                                            • Instruction ID: 335b4d4fe014ab4844eff57cb9f8ca44014e5235991466ed88060c2a9c82341c
                                                            • Opcode Fuzzy Hash: 0fbf919baa0249bdd9c8c890cc40b12906f8c24068140910ba36c4ccb1594fc4
                                                            • Instruction Fuzzy Hash: C351E5F0A1451ACBD710CF69CC403BEB7B2FB56316F04862AE666DBA91D738D981CB11
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6952fdc58eafb583dfe8e71d4242c4bf73f8a22c2de51ee9f15379dbc4906bfd
                                                            • Instruction ID: 5b42d4b53543010123bbd5f00ef83bf10ff306d545f02a9a74a02e73bd38bab4
                                                            • Opcode Fuzzy Hash: 6952fdc58eafb583dfe8e71d4242c4bf73f8a22c2de51ee9f15379dbc4906bfd
                                                            • Instruction Fuzzy Hash: DE310BF17003099B9715EB7DCDA096FBBA9EFA5250B14892AEB15C3201DF30D9458BB3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7cfeb81e9c620f1762838c27b33eb8b2aa3da12959d4cac2ae0de4be75f68f6d
                                                            • Instruction ID: 0279c7dc34cd21f8206dc58b39dca0352e37cfd475159063b8d7e8860029459a
                                                            • Opcode Fuzzy Hash: 7cfeb81e9c620f1762838c27b33eb8b2aa3da12959d4cac2ae0de4be75f68f6d
                                                            • Instruction Fuzzy Hash: 9D41BEB89097848FC71ADF69D480948BFB0BF8A211F0A80D6C480DB3B3DA349995CB52
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ac02449773906c4ac3500eca1bba72dfe5c083247c2df0116a9c7112e8d3b5ea
                                                            • Instruction ID: b7d213221615f0834518b032ee3acb9c2dd781238e3cf620e6fd979465d32336
                                                            • Opcode Fuzzy Hash: ac02449773906c4ac3500eca1bba72dfe5c083247c2df0116a9c7112e8d3b5ea
                                                            • Instruction Fuzzy Hash: 14416FB0B002599FDB14EFADC8546AFBBE6FF98240B104429D605E7341DF349E058BA6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e217dac59823b06cc4f8e4836a5f82441cdcdab80d29af14e93790359389e3d6
                                                            • Instruction ID: a460205b4f1fd7a8222f9d54b76a06c63b6adfdf5e1a4adae81abe75ed706c44
                                                            • Opcode Fuzzy Hash: e217dac59823b06cc4f8e4836a5f82441cdcdab80d29af14e93790359389e3d6
                                                            • Instruction Fuzzy Hash: 04419AB4E0020ADFDB05CF95D881AEEBBB2FB89310F109429D515BB354D7749A51CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a97118079a961a9c39d994ec684110f4f52fe278f1b88964a47006c2a6fbc7c8
                                                            • Instruction ID: 4bd6408e03f078f449d1751eef580bf242786af0be652ad3540f661c018bbc8b
                                                            • Opcode Fuzzy Hash: a97118079a961a9c39d994ec684110f4f52fe278f1b88964a47006c2a6fbc7c8
                                                            • Instruction Fuzzy Hash: FB3189B6A04349AFDF11CFA9D844ADEBFF5EB48320F00842AE508E7211C734A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fdbebee1806ae7cff42802463283755295e68767c7a1fe8b3aaa78d283941d4c
                                                            • Instruction ID: ba482c4c4d75ce2ebfe64cb04e824583cd64838e86700424efdfb59e2526ce0d
                                                            • Opcode Fuzzy Hash: fdbebee1806ae7cff42802463283755295e68767c7a1fe8b3aaa78d283941d4c
                                                            • Instruction Fuzzy Hash: 214117B1D0074A9FCB10DFAAC4446EEFBF4EF99310F10862AD558B3200E774A685CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 70cb362a9bfb0e9e059dac4d626d413cbb44407c38e99f36db6b4853f99e97d8
                                                            • Instruction ID: 1b06224749505c20ad2a76c4ec538eb694c02f5d911d67d44b7c1ef45bd1f31c
                                                            • Opcode Fuzzy Hash: 70cb362a9bfb0e9e059dac4d626d413cbb44407c38e99f36db6b4853f99e97d8
                                                            • Instruction Fuzzy Hash: B131F6747093499FD3158E258C19B357BA2BB86708F29C0BAE11ACF6E3DB798801CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d4535677b95040e3fadb919cdc24e8edef4ec2c8dc3d7f69f97f7275e52b2d9c
                                                            • Instruction ID: fe1509114d95c9ff6a98aaf274ec5dc858fe5c57b1efe3b9659cd2a71607e7d7
                                                            • Opcode Fuzzy Hash: d4535677b95040e3fadb919cdc24e8edef4ec2c8dc3d7f69f97f7275e52b2d9c
                                                            • Instruction Fuzzy Hash: AB3167B1A00349AFDB14DFA9D884ADEBFF5EB48310F00842AE908E7210D735A944CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0a84900913d70b5087ec0430f6850fbc1857f230617e4f1e8f082a0aeab38ca8
                                                            • Instruction ID: e3484a5bb96a754ae5e2b1b76d9c496d00264c091c41bb001c25578b6a93f2c7
                                                            • Opcode Fuzzy Hash: 0a84900913d70b5087ec0430f6850fbc1857f230617e4f1e8f082a0aeab38ca8
                                                            • Instruction Fuzzy Hash: 0B31D2B4E3865ADBD7209F69C80027AB7B2FF96718F048226E735C26A0D334D950CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f7b0595b358593076b7c6430cd5bd440a2d9bbeda9fac1e527b55c75a5015671
                                                            • Instruction ID: 7aabdada392361c41774186e43fd52e72626aaa04c421bcebf0482163ba1a7e9
                                                            • Opcode Fuzzy Hash: f7b0595b358593076b7c6430cd5bd440a2d9bbeda9fac1e527b55c75a5015671
                                                            • Instruction Fuzzy Hash: 0C213AB1A14218CFD714DE68D4483BAB7A1EB62319F044737E6B5C7292C628E540C621
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dc70084ce0d550c07a6db2fcf81596c7dcbb3d912a6236eb76e84365ab0baf82
                                                            • Instruction ID: 70d838981362d9b318546953521d6be940e0516149f3062ef72f0444dfc5e8da
                                                            • Opcode Fuzzy Hash: dc70084ce0d550c07a6db2fcf81596c7dcbb3d912a6236eb76e84365ab0baf82
                                                            • Instruction Fuzzy Hash: 212105B1A093914FD703EB7C9C505AF7FB6EFCA250705856AD0A4CB282DB34CD0987A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a3f48abb87d0c676f0f1872bc801388f0923770529377e5c757ba5eaf339f127
                                                            • Instruction ID: db8dddecb1bd29f1c02cc8edfa4bd1e994b73a72a7505ee0a27efcee0fb0379c
                                                            • Opcode Fuzzy Hash: a3f48abb87d0c676f0f1872bc801388f0923770529377e5c757ba5eaf339f127
                                                            • Instruction Fuzzy Hash: BB3108B0D053599FDB20DFA9C9847DEBFF1EB49314F24802AD504AB291C7795845CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f2064c6478eb9d9c09a5c517b7847e4d23bb7b4777381c8cb84f7d7456f5a244
                                                            • Instruction ID: 0bc37bb0f4e73906937090390d9edc987890f92a829cf08840f809136c602837
                                                            • Opcode Fuzzy Hash: f2064c6478eb9d9c09a5c517b7847e4d23bb7b4777381c8cb84f7d7456f5a244
                                                            • Instruction Fuzzy Hash: 27314BF1915255CBC3019F28C80037ABBA1EBB6309F28817AD675CB9C3D739C841C792
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333314215.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13ed000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f73ad78654f9d5e2aec680b0903837e0e88e8bb110ed85cef1dab905ab93a95d
                                                            • Instruction ID: bbce705fa18ba07492cced7b68e0b388c4cbe070e7123276d3ae2f5c046a1efd
                                                            • Opcode Fuzzy Hash: f73ad78654f9d5e2aec680b0903837e0e88e8bb110ed85cef1dab905ab93a95d
                                                            • Instruction Fuzzy Hash: CC210371500344DFDB16DF94D9C8B26BFA5FB8832CF208569E90A0B2D6C336D456CAA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333388303.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13fd000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7200ddb348ea2af889bb1a763b7b6c80db0e5ee34859d500b04266cf15855220
                                                            • Instruction ID: ca1b7c9b663c4b94fa2a217e13d704d4946197a872685f684c568af215720f45
                                                            • Opcode Fuzzy Hash: 7200ddb348ea2af889bb1a763b7b6c80db0e5ee34859d500b04266cf15855220
                                                            • Instruction Fuzzy Hash: E4213471500304DFDB05DF94D5C8B16BB65FB88318F20C5AEEA094B296C73AE846CA62
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333388303.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13fd000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bdd30b190b970cb92e96ac2935b7180f31f53d102d106620e675f681141fac6f
                                                            • Instruction ID: ecece4ebc4c881ded8b88ed6a3ba3392f059680692ab6a99d549a6de228ef79f
                                                            • Opcode Fuzzy Hash: bdd30b190b970cb92e96ac2935b7180f31f53d102d106620e675f681141fac6f
                                                            • Instruction Fuzzy Hash: 1A212679504304EFDB05DF94D5C8F26BB65FB84328F20C5ADEA094B652C33AD846CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 09ff68841fb7ffc9fc2c8f3cce95207e79e7202ebd079076320d54b76c9d7be6
                                                            • Instruction ID: 0fa3eab3506e5a3aa7120460bf318cc24d046e83ee21f123abff7c8d0505d0ed
                                                            • Opcode Fuzzy Hash: 09ff68841fb7ffc9fc2c8f3cce95207e79e7202ebd079076320d54b76c9d7be6
                                                            • Instruction Fuzzy Hash: EA1108B0A093489FDB06DB748C119AD7BF5DF12100B1444EAED08C7293E9309E0597A3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ed69dab1d1cc8964f82d04c8639a2dcf1d5d659e08f19751041c7be7542c787e
                                                            • Instruction ID: 30e9e3bb6b45c260a896b927ca24946efd5fa6734b252d70d74efc3a86e92d5b
                                                            • Opcode Fuzzy Hash: ed69dab1d1cc8964f82d04c8639a2dcf1d5d659e08f19751041c7be7542c787e
                                                            • Instruction Fuzzy Hash: A831E0B0D01218DFDB20DFAAC584B9EBFF5AB48314F20802AE508BB240C7B95845CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aa54177b3aa45c1bd696053af5477f0d7e91b5e1da8d4d60c22636b493b3de44
                                                            • Instruction ID: a70a6fcce9949f665835a636f67355022746527f7151496b5d7a51403475e81b
                                                            • Opcode Fuzzy Hash: aa54177b3aa45c1bd696053af5477f0d7e91b5e1da8d4d60c22636b493b3de44
                                                            • Instruction Fuzzy Hash: D0219FB4A00A08DFCB48CF5AE085999BBF1FF8C320F5280D9D4489B265DB31A9A4CB41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 77378f0a8e96a355949e121cb8d682e8f1b3b8e5c4b0b3fa9636eafa1c692b1f
                                                            • Instruction ID: 038f60a2f5b3e9d8664d4f292cd331c35355e1386b31d28ee89bb8719e4538a3
                                                            • Opcode Fuzzy Hash: 77378f0a8e96a355949e121cb8d682e8f1b3b8e5c4b0b3fa9636eafa1c692b1f
                                                            • Instruction Fuzzy Hash: E6112EB1B0020A8FCB54EBB9D8116EFBAF6BFD8310B60406AC615E7340EB359D41CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 81f8d298d09e4b3c4fb42f3dad469c02ab16bb26a3e73644b6606c520d0a8eb7
                                                            • Instruction ID: 9a3a060f289d08506fdcdf658d9d2c75cbd05ce9ee4bef5b526634e9393094a7
                                                            • Opcode Fuzzy Hash: 81f8d298d09e4b3c4fb42f3dad469c02ab16bb26a3e73644b6606c520d0a8eb7
                                                            • Instruction Fuzzy Hash: CE01C4B1A0025A5F8B11EE6DDC405AFBFB5EEA4150714442BDA14D7202D6309A058BB3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4ce936c6363d657cf6df8561790dcba6d0f487ff3c1836e440db67f658be8aa1
                                                            • Instruction ID: c95b26269e8012d6968092eaf4cb36fcf485b893bf8c94526756943e845f4615
                                                            • Opcode Fuzzy Hash: 4ce936c6363d657cf6df8561790dcba6d0f487ff3c1836e440db67f658be8aa1
                                                            • Instruction Fuzzy Hash: A021C4B590434D9FCB10CF9AD584BDEBBF4EB48320F108419E919A7350C375A955CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333314215.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13ed000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                            • Instruction ID: 1a00b0b107c7f62021a91c131b0b265f4c0a842b659d3594e6508fd742372d8c
                                                            • Opcode Fuzzy Hash: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                            • Instruction Fuzzy Hash: F911B176504280CFCB16CF54D9C4B16BFB1FB84328F2485A9D8490B697C336D45ACBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333388303.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13fd000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                            • Instruction ID: 9c78ee3f08aea1582717362337a66152df346b43eaf92c82d0941dde7922d02e
                                                            • Opcode Fuzzy Hash: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                            • Instruction Fuzzy Hash: 64119D79504280DFDB06CF54D5C4B15BFA1FB84328F24C6AED9494B656C33AD44ACBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333388303.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13fd000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                            • Instruction ID: 811dded61e687e6e3cc31f4c0c72a89edc8a88e7bdb270bfc336962d902dc011
                                                            • Opcode Fuzzy Hash: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                            • Instruction Fuzzy Hash: 6A11BB75504280CFCB06CF54D5C8B15BFA1FB88218F24C6ADD9494B656C33AE44ACB62
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 39657753430b97e0d2523affd674375865bfe83a576c06e7a5c9a21aadc20e4c
                                                            • Instruction ID: 8a0e3bee4f1067b7cb8edd962bfa91a4aa6aead0c4a446e8675765c6b55f8f00
                                                            • Opcode Fuzzy Hash: 39657753430b97e0d2523affd674375865bfe83a576c06e7a5c9a21aadc20e4c
                                                            • Instruction Fuzzy Hash: A1114CB1915209DFDB11CFAAC8847D9BFB1EB893A4F24C169D528AB290C7718945CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b2c95152b399f17a2dc07627de829b5ec078a72002fa233a8a9c577a71eec221
                                                            • Instruction ID: e89d95349777c67ee765c359b3b92ef506d76c25951b5d2e9b4048012b9edf3d
                                                            • Opcode Fuzzy Hash: b2c95152b399f17a2dc07627de829b5ec078a72002fa233a8a9c577a71eec221
                                                            • Instruction Fuzzy Hash: 6D117C72D1075B9ECB01EFB9C8004EAFBB0FE99310B10872AD558B7501E730A6C98BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 08104fb2f312ae0b44428501143fe87a1361f2b7116b24491b8c0015f0c730c3
                                                            • Instruction ID: 3a61368d24a0bf85eb42f168448ad8dc5ab8a9df06ccb7ff9893e9ec3a859dcb
                                                            • Opcode Fuzzy Hash: 08104fb2f312ae0b44428501143fe87a1361f2b7116b24491b8c0015f0c730c3
                                                            • Instruction Fuzzy Hash: 8301D4B0A093489FEB05EFBC881425D7FB2AF92210F1485EE8405DB292DB316E19C766
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333314215.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13ed000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0846ee48a50246bf018f64294a4d132ffca3b96ebdca363a75329955aa5e7b7b
                                                            • Instruction ID: ea9d7093160823bcc2fc2306ca693f45397b1c635f01e82d94a8e0aeb11a0165
                                                            • Opcode Fuzzy Hash: 0846ee48a50246bf018f64294a4d132ffca3b96ebdca363a75329955aa5e7b7b
                                                            • Instruction Fuzzy Hash: 99012B310443A49EF7218F55CD88B66BFECDF41268F04C51AED190A2C2D3799841CAB6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 95c945a4840ee01cbd6ee57958e7ea8d2f99970a807538bc4efdedd69dfe3e35
                                                            • Instruction ID: ee73da12dcbedb0e84f599de78ae94d0fa7c67d5e3e4c34fe06e5f9462dffbc7
                                                            • Opcode Fuzzy Hash: 95c945a4840ee01cbd6ee57958e7ea8d2f99970a807538bc4efdedd69dfe3e35
                                                            • Instruction Fuzzy Hash: 1C01DEB1911209DFDB14CFAAC44479ABEF5EB89360F24C169D518AB290C7744944CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c2e0716ad6152e2823651c49acfbc4dfb834afd3d2fb637ae57a10ab0f4062fd
                                                            • Instruction ID: 7353b7bb3592b7e28cfa1fb55a2d624c0579a33d8e25f3cf698af3c1c67ea6bf
                                                            • Opcode Fuzzy Hash: c2e0716ad6152e2823651c49acfbc4dfb834afd3d2fb637ae57a10ab0f4062fd
                                                            • Instruction Fuzzy Hash: 3D016DF0E4421AAFDB14CF698C41AEEBFB4BB09364F504569E210DB282D73085418BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9d1bd08d9fb4dccba68395866b1eb79196b0bd4ef6129136e7ed5287cdbaf53f
                                                            • Instruction ID: ffd5db4bba56a5a7c388ab0992a1f15cc00f4fd8300be928640b3820d211d18e
                                                            • Opcode Fuzzy Hash: 9d1bd08d9fb4dccba68395866b1eb79196b0bd4ef6129136e7ed5287cdbaf53f
                                                            • Instruction Fuzzy Hash: DF011E75A01248AFDB05DFB8C554A9DBFF1AF49210F09C1D6E448DB361D6349A50CF41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333314215.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_13ed000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ffef1d292cd394aa79a2814bfd7b2bd98b0065250403d1d7884969591f360b01
                                                            • Instruction ID: ebfae13d9e0a509729267cd4dc608d61bce9ec07c1d369183abf6b29b9d385a2
                                                            • Opcode Fuzzy Hash: ffef1d292cd394aa79a2814bfd7b2bd98b0065250403d1d7884969591f360b01
                                                            • Instruction Fuzzy Hash: A1F062714053949EE7218F19D988B62FFD8EB41638F18C45AED484A2C6C2799845CAB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cf7e903b4fa0f5f835a7ec4bc7255fc91789cc10c3800a988e78546edc0b6b61
                                                            • Instruction ID: 00789fe8aed7f9d97659d1b46f00d7cc285c126c7cc71bd9a07842ad157fa7b5
                                                            • Opcode Fuzzy Hash: cf7e903b4fa0f5f835a7ec4bc7255fc91789cc10c3800a988e78546edc0b6b61
                                                            • Instruction Fuzzy Hash: 22E12774E006598FDB14DFA8C584AAEFBB2FF89304F248169D415AB356DB30AE41CF64
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3663f0cf7c99d24ef95385405e8b8e9032a9cd19adefde3138b474db828f9b81
                                                            • Instruction ID: 11b772d76cf23665afaa92680c7f7f8d60bf79ed1e52a540f44389f3e1edf4cd
                                                            • Opcode Fuzzy Hash: 3663f0cf7c99d24ef95385405e8b8e9032a9cd19adefde3138b474db828f9b81
                                                            • Instruction Fuzzy Hash: 62D1F73592075A8ACB11EFA8D854A9DB7B1FFDA300F10C79AD14937650EB74AAC4CF81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1333977812.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1640000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e554bb6e06db6b616ff5bce6afb9ecce91ce7ab09c0b54ae9cb5973828fead50
                                                            • Instruction ID: fa24b7e0a4006358b49e005c2ad53940c64c58751bf5e2c75966fbb6f6f93581
                                                            • Opcode Fuzzy Hash: e554bb6e06db6b616ff5bce6afb9ecce91ce7ab09c0b54ae9cb5973828fead50
                                                            • Instruction Fuzzy Hash: E9A16D32E0021ACFCF15DFB8C84459EBBB2FF95300B1585AAE905AB265DB31E956CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1a50b34c069dcdb4b527dbaf73a9b57cea53645ec64a0782f1fb972a4eacc377
                                                            • Instruction ID: b563680298946405f7ac65f0b437c0347882af2fe83ce5e7fc7fb329e8f627a9
                                                            • Opcode Fuzzy Hash: 1a50b34c069dcdb4b527dbaf73a9b57cea53645ec64a0782f1fb972a4eacc377
                                                            • Instruction Fuzzy Hash: 0CD1F63592075A8ACB11EFA8D854A9DB7B1FFDA300F10C79AD14937650EB74AAC4CF81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7be9d2ff05baa451290e45cb80fb9d62fd853033736b220fb5b14bacf86b5e3b
                                                            • Instruction ID: f085e757b2c7144a52be209de9c012afc2191b67b1e4f4777a6ae730b99f5d40
                                                            • Opcode Fuzzy Hash: 7be9d2ff05baa451290e45cb80fb9d62fd853033736b220fb5b14bacf86b5e3b
                                                            • Instruction Fuzzy Hash: AD81E374E20219CFDB44CFA9C9849AEBBF2FF89210F249559D515EB320D334AA42CF94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e472b522e75aedc56db5111a01b5fa4b0bf78d74aa339a0cf91a9df1dd78619e
                                                            • Instruction ID: 4ca2319476ed75ec04191958c2ae603243e33e0a9f96181eed65aebf7d8d5f31
                                                            • Opcode Fuzzy Hash: e472b522e75aedc56db5111a01b5fa4b0bf78d74aa339a0cf91a9df1dd78619e
                                                            • Instruction Fuzzy Hash: EF81E474E25219CFDB44CFA9C98499EBBF2FF89210F24955AD515EB320D330AA42CF94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4ce7b4d7d7a14cbf828dfd54e2136d7b82fad1f87305008e0e669ba0fd51c4fc
                                                            • Instruction ID: 54562b808911d51cd00684cdddcfb73b8b5254191ecf3e81db1c26cb84285f13
                                                            • Opcode Fuzzy Hash: 4ce7b4d7d7a14cbf828dfd54e2136d7b82fad1f87305008e0e669ba0fd51c4fc
                                                            • Instruction Fuzzy Hash: 2A7112B4E1520AABCB04CF99D4819AEFBB2FF99310F10852AE511EB354D3349A51CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3009ff0fa5364b96dfb90700427a1e079eced502252660103937909f38aefd24
                                                            • Instruction ID: fc7cd1c7258339b40444478cfa9ab3cd87835facd7e889daea24084564592948
                                                            • Opcode Fuzzy Hash: 3009ff0fa5364b96dfb90700427a1e079eced502252660103937909f38aefd24
                                                            • Instruction Fuzzy Hash: 66619EB0926A0ADFCB48CF51E5865A9BFB1FBC9350F20D499C086D7158DB3887B5CB48
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0c057f5f93f195e9b377ea5f23dd3fced4782c5487da64d3468e1e1e8689bb1a
                                                            • Instruction ID: 01ff862173ff5816b416b0ce8693656e17796fc9e1a6dc6fe6ad212cbf52eb16
                                                            • Opcode Fuzzy Hash: 0c057f5f93f195e9b377ea5f23dd3fced4782c5487da64d3468e1e1e8689bb1a
                                                            • Instruction Fuzzy Hash: 026116B4E1420ADFDB04CFAAC5816AEFBB2BF59300F14845AD525F7240D3349A91CF95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5d58119cad21a99c61c1b4e6ea98bfdc7de52dc77a5ffe10dfc42eacc31cd6ea
                                                            • Instruction ID: 81bd8eface6a6e2fadf426a1f95eb3c1248dbdcb68a54bd1b18533b21d7aab96
                                                            • Opcode Fuzzy Hash: 5d58119cad21a99c61c1b4e6ea98bfdc7de52dc77a5ffe10dfc42eacc31cd6ea
                                                            • Instruction Fuzzy Hash: 3C5159B4E1120ADFCF08CFA6D8856AEFBF2BF9A210F20D42AD515E3254D7345A018F95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6ed2cc8ca352867afbe66fde766e1f43626e856a2b01409419a027d455fa6d22
                                                            • Instruction ID: b27b37a9a74290c020f6fc238399b14a78e2b8f31a70b8ced8d14cd4c40d0bd8
                                                            • Opcode Fuzzy Hash: 6ed2cc8ca352867afbe66fde766e1f43626e856a2b01409419a027d455fa6d22
                                                            • Instruction Fuzzy Hash: 8941F3B0E0520A9FDB08CFAAC8815AEFBF2FF99300F24D56AC515E7254D7349A418F95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1349196703.00000000078F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_78f0000_BARSYL SHIPPING Co (VIETNAM).jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 645206e9f4d1a8547e10e97845cf036a1c638fb922d27c8a09ec6ac92d98e108
                                                            • Instruction ID: ff93996f8120848e08bc6c7ec6ddfe2503d736bb468503973c7a2cd05f3305da
                                                            • Opcode Fuzzy Hash: 645206e9f4d1a8547e10e97845cf036a1c638fb922d27c8a09ec6ac92d98e108
                                                            • Instruction Fuzzy Hash: A541D1B0E0520A9FDB08CFAAC4815AEFBB2FF89300F24D46AC915E7250D7349A418F95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:10.5%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:1.6%
                                                            Total number of Nodes:187
                                                            Total number of Limit Nodes:27

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $
                                                            • API String ID: 0-3993045852
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,06759DF0,00000000,00000000), ref: 0675A003
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HookWindows
                                                            • String ID:
                                                            • API String ID: 2559412058-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 0 6764ba0-6764bc4 1 6764bc6-6764bc9 0->1 2 6764bea-6764bed 1->2 3 6764bcb-6764be5 1->3 4 6764bf3-6764ceb 2->4 5 67652cc-67652ce 2->5 3->2 23 6764cf1-6764d39 4->23 24 6764d6e-6764d75 4->24 6 67652d5-67652d8 5->6 7 67652d0 5->7 6->1 9 67652de-67652eb 6->9 7->6 45 6764d3e call 6765453 23->45 46 6764d3e call 6765460 23->46 25 6764d7b-6764deb 24->25 26 6764df9-6764e02 24->26 43 6764df6 25->43 44 6764ded 25->44 26->9 37 6764d44-6764d60 40 6764d62 37->40 41 6764d6b 37->41 40->41 41->24 43->26 44->43 45->37 46->37
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$XPq$\Oq
                                                            • API String ID: 0-132346853
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 664 6764b90-6764bc4 665 6764bc6-6764bc9 664->665 666 6764bea-6764bed 665->666 667 6764bcb-6764be5 665->667 668 6764bf3-6764ceb 666->668 669 67652cc-67652ce 666->669 667->666 687 6764cf1-6764d39 668->687 688 6764d6e-6764d75 668->688 670 67652d5-67652d8 669->670 671 67652d0 669->671 670->665 673 67652de-67652eb 670->673 671->670 709 6764d3e call 6765453 687->709 710 6764d3e call 6765460 687->710 689 6764d7b-6764deb 688->689 690 6764df9-6764e02 688->690 707 6764df6 689->707 708 6764ded 689->708 690->673 701 6764d44-6764d60 704 6764d62 701->704 705 6764d6b 701->705 704->705 705->688 707->690 708->707 709->701 710->701
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$XPq
                                                            • API String ID: 0-3167736908
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1021 67529f3-6752a5e 1023 6752a60-6752a66 1021->1023 1024 6752a69-6752a70 1021->1024 1023->1024 1025 6752a72-6752a78 1024->1025 1026 6752a7b-6752ab3 1024->1026 1025->1026 1027 6752abb-6752b1a CreateWindowExW 1026->1027 1028 6752b23-6752b5b 1027->1028 1029 6752b1c-6752b22 1027->1029 1033 6752b5d-6752b60 1028->1033 1034 6752b68 1028->1034 1029->1028 1033->1034 1035 6752b69 1034->1035 1035->1035
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06752B0A
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1036 67529f8-6752a5e 1037 6752a60-6752a66 1036->1037 1038 6752a69-6752a70 1036->1038 1037->1038 1039 6752a72-6752a78 1038->1039 1040 6752a7b-6752b1a CreateWindowExW 1038->1040 1039->1040 1042 6752b23-6752b5b 1040->1042 1043 6752b1c-6752b22 1040->1043 1047 6752b5d-6752b60 1042->1047 1048 6752b68 1042->1048 1043->1042 1047->1048 1049 6752b69 1048->1049 1049->1049
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06752B0A
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1050 67571e0-67578b4 1053 6757964-6757984 call 6750a2c 1050->1053 1054 67578ba-67578bf 1050->1054 1061 6757987-6757994 1053->1061 1055 67578c1-67578f8 1054->1055 1056 6757912-675794a CallWindowProcW 1054->1056 1063 6757901-6757910 1055->1063 1064 67578fa-6757900 1055->1064 1058 6757953-6757962 1056->1058 1059 675794c-6757952 1056->1059 1058->1061 1059->1058 1063->1061 1064->1063
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 06757939
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1067 6759110-6759128 1070 6759106-6759fd2 1067->1070 1071 675912a-6759140 1067->1071 1076 6759fd4-6759fdc 1070->1076 1077 6759fde-675a010 SetWindowsHookExA 1070->1077 1080 67590d2 1071->1080 1081 6759142-6759147 1071->1081 1076->1077 1078 675a012-675a018 1077->1078 1079 675a019-675a039 1077->1079 1078->1079 1080->1070
                                                            APIs
                                                            • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,06759DF0,00000000,00000000), ref: 0675A003
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HookWindows
                                                            • String ID:
                                                            • API String ID: 2559412058-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1199 67581b5-6758210 1201 675821a-6758258 OleGetClipboard 1199->1201 1202 6758261-67582af 1201->1202 1203 675825a-6758260 1201->1203 1208 67582b1-67582b5 1202->1208 1209 67582bf 1202->1209 1203->1202 1208->1209 1210 67582b7 1208->1210 1211 67582c0 1209->1211 1210->1209 1211->1211
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Clipboard
                                                            • String ID:
                                                            • API String ID: 220874293-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1186 6757580-6758258 OleGetClipboard 1189 6758261-67582af 1186->1189 1190 675825a-6758260 1186->1190 1195 67582b1-67582b5 1189->1195 1196 67582bf 1189->1196 1190->1189 1195->1196 1197 67582b7 1195->1197 1198 67582c0 1196->1198 1197->1196 1198->1198
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Clipboard
                                                            • String ID:
                                                            • API String ID: 220874293-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1212 6759f83-6759f84 1213 6759f86-6759fd2 1212->1213 1214 6759f62-6759f69 1212->1214 1219 6759fd4-6759fdc 1213->1219 1220 6759fde-675a010 SetWindowsHookExA 1213->1220 1215 6759f70-6759f77 1214->1215 1216 6759f6b 1214->1216 1216->1215 1219->1220 1221 675a012-675a018 1220->1221 1222 675a019-675a039 1220->1222 1221->1222
                                                            APIs
                                                            • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,06759DF0,00000000,00000000), ref: 0675A003
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HookWindows
                                                            • String ID:
                                                            • API String ID: 2559412058-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1226 67565e0-67565e7 1227 67565e8-675667c DuplicateHandle 1226->1227 1228 6756685-67566a2 1227->1228 1229 675667e-6756684 1227->1229 1229->1228
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0675666F
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0675666F
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DeleteFileW.KERNELBASE(00000000), ref: 011B81E0
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1373814793.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_11b0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DeleteFileW.KERNELBASE(00000000), ref: 011B81E0
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1373814793.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_11b0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 011BF157
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1373814793.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_11b0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: GlobalMemoryStatus
                                                            • String ID:
                                                            • API String ID: 1890195054-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 011BF157
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1373814793.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_11b0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: GlobalMemoryStatus
                                                            • String ID:
                                                            • API String ID: 1890195054-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 067519B6
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 067519B6
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 067580CD
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06757B85), ref: 06757C0F
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 067580CD
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06757B85), ref: 06757C0F
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382806936.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6750000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: \Oq
                                                            • API String ID: 0-643489707
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fb4c09d64cd08cc4bd4a5fb79d983f14fc48d7674252fb5488320f3ec36933c5
                                                            • Instruction ID: d033e6c0ef899b1f7a5087e96ab57c8bcdc3c060bce60a5a7ad2682218b8f703
                                                            • Opcode Fuzzy Hash: fb4c09d64cd08cc4bd4a5fb79d983f14fc48d7674252fb5488320f3ec36933c5
                                                            • Instruction Fuzzy Hash: 42911D30E106198BDF60DF69C890B9DB7B1FF89300F20C599E549AB385EB70A985CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9986666a9e45c0a9e8caf022e05c98a772d12bf3ed08cf5e29b1008fc91f36e3
                                                            • Instruction ID: 846f1f43b3c502242920674ddd8cdb7ebb0491c34aef966c3cbe67d72026ead5
                                                            • Opcode Fuzzy Hash: 9986666a9e45c0a9e8caf022e05c98a772d12bf3ed08cf5e29b1008fc91f36e3
                                                            • Instruction Fuzzy Hash: 8F714E74A002089FDB54DBA9D994AAEBBF6FF88300F148429E415EB355DB34EC46CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 25bd038b77bc4cb8c14093875d265cd9f39b70d10b714ba72b01d0e83d92fb8d
                                                            • Instruction ID: 79a42ac7072b69d560a237a2e3782936965ee44dd5d0f247dc39c6ec80186577
                                                            • Opcode Fuzzy Hash: 25bd038b77bc4cb8c14093875d265cd9f39b70d10b714ba72b01d0e83d92fb8d
                                                            • Instruction Fuzzy Hash: 0C715E70A002089FDB54DFA9D994AAEBBF6FF84300F24842AE415EB355DB34ED46CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d1492f9b8886edcab6da64111bdc929d64faefb0bb500b854daa33832dfb4df9
                                                            • Instruction ID: ae9fbf0ea0e4730a9ad83f5eb48185a167d45281eaf442cff1447545d276baaa
                                                            • Opcode Fuzzy Hash: d1492f9b8886edcab6da64111bdc929d64faefb0bb500b854daa33832dfb4df9
                                                            • Instruction Fuzzy Hash: E951D031E002099FDB14AB79F8646ADBBB3FF85310F20886AE506D7251DF399855CB80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e2bf12cfc85d8a08e1da6cc2e569cbe5ea0f5061fba3878057234965264bb83
                                                            • Instruction ID: db3b457b95e25c6a11900dcf1b96b8cc4b1c6b36acb8b36cfe9379d0cb61594b
                                                            • Opcode Fuzzy Hash: 8e2bf12cfc85d8a08e1da6cc2e569cbe5ea0f5061fba3878057234965264bb83
                                                            • Instruction Fuzzy Hash: DE51D670B202088FEF605679E86477F356BE789750F10452AF80BC7795DABDCC8147A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 77547878776ba2df20bc13bf62e7e6aa37d36dbaebe9e96d77037c31a6f483f6
                                                            • Instruction ID: c96855bda4e14b65534d0d3340d2796f4db66791694e08b955e8a6abb0ea1b51
                                                            • Opcode Fuzzy Hash: 77547878776ba2df20bc13bf62e7e6aa37d36dbaebe9e96d77037c31a6f483f6
                                                            • Instruction Fuzzy Hash: 1151C470B202088FEF605679E8A477F356BE789750F20452AF80BC7795DABDCC8147A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5976f12b668b99ff9cb85a359efe064b0bcc580bbef5719eeb0f589c1b967f4b
                                                            • Instruction ID: dfdd2b5ea1f4a44a962cb87492f037e279daa77052d8d129ea67ae00fbc1dfaa
                                                            • Opcode Fuzzy Hash: 5976f12b668b99ff9cb85a359efe064b0bcc580bbef5719eeb0f589c1b967f4b
                                                            • Instruction Fuzzy Hash: 80515034B401099FDB54DB79D860B6E77F6BB88340F108869D909E7384EE34DC518BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a76c32f9428771b4fef3434e3fd37e12920213e7a04374b518c3db9827ab5a8d
                                                            • Instruction ID: 2da49816fa89a198e2521f1510f29a2e278bf02d681eb8e034e800aeff3eb1ad
                                                            • Opcode Fuzzy Hash: a76c32f9428771b4fef3434e3fd37e12920213e7a04374b518c3db9827ab5a8d
                                                            • Instruction Fuzzy Hash: 68418174E102058FEF70CFAAC480B7EBBB2EB45310F24C829E955DB291D635D842DB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 029849c81e715d9b8b4884ecb6d82be0ca9c19f64db1392e36b48beaadefd10b
                                                            • Instruction ID: 2980ecc5ce3f31c33cd1270ac113f6ecf5a297902e7283aeba069f5974e9e947
                                                            • Opcode Fuzzy Hash: 029849c81e715d9b8b4884ecb6d82be0ca9c19f64db1392e36b48beaadefd10b
                                                            • Instruction Fuzzy Hash: 89414F31E006098FEF70CEAAD884ABEF7F3EB84210F10492AE556D7641D331E9959B90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eaad9e68b6b1e38b141d007d999b1f4870fbb3478737b108457e8bffe65b7ef8
                                                            • Instruction ID: dd166472e35d3744cf63547ec8cf5a0d85dcd3aa597a5f101604eca43111966f
                                                            • Opcode Fuzzy Hash: eaad9e68b6b1e38b141d007d999b1f4870fbb3478737b108457e8bffe65b7ef8
                                                            • Instruction Fuzzy Hash: 84417070F10209DFDB64DF66C8547AEBBB6BF85240F248529E816E7344EF749845CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cf85af257997e80879d3c2d8dcf9bf9afad5acd4f663cce91b458d2b80f81f8f
                                                            • Instruction ID: 8173c5f8ff3da2a63cb5ba26ce8a17e0b30ccc6a446331909d042fb7771a6511
                                                            • Opcode Fuzzy Hash: cf85af257997e80879d3c2d8dcf9bf9afad5acd4f663cce91b458d2b80f81f8f
                                                            • Instruction Fuzzy Hash: 6D41AE30F20209DFDB25DF66D8846AEBBB6FF85300F14852AE806E7345EB749846CB41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aec2f66fbfd4c89ee0e2824a1f44bc5b6fa564965fbf706a6347bbd29390fbce
                                                            • Instruction ID: 50fcd9987b547d5174da8b288bff0ce0970c00460a4a443ed5b56aabfa7c96ab
                                                            • Opcode Fuzzy Hash: aec2f66fbfd4c89ee0e2824a1f44bc5b6fa564965fbf706a6347bbd29390fbce
                                                            • Instruction Fuzzy Hash: 69311230B002059FCB999B35C85877E7BA3BF85300B148529E806DB392DF39CD41CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8f5c1aef3b9284ea14080716dd9732bccd013b05fd8502cf279d475083cbc489
                                                            • Instruction ID: 69b6272b96151f85936a9fedfab9dc7232e919122897293ccb1214903049d4bd
                                                            • Opcode Fuzzy Hash: 8f5c1aef3b9284ea14080716dd9732bccd013b05fd8502cf279d475083cbc489
                                                            • Instruction Fuzzy Hash: 0031E130B102049FDB99AB75C85877E3AA7BF89640F144429E816DB396DF39CD41C7A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6fc75567d73a57a634f64872966e0dddc283630a887a25d752b64e211187a111
                                                            • Instruction ID: bde87872b28bef4f1c20f0b80682eeed2b94e445b754e0096a78a55bf1a09446
                                                            • Opcode Fuzzy Hash: 6fc75567d73a57a634f64872966e0dddc283630a887a25d752b64e211187a111
                                                            • Instruction Fuzzy Hash: AE31AE34E142059BCF59CF69D895AAEBBF2FF89300F108929E816E7741DB31AD42CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a79e0c227c32cb9ed1c1fa375cf99e5796a56fbcc9d78f2964bacfe2d0888d7f
                                                            • Instruction ID: a92d5db2da9ca9e7a6b67ea3f3f9dd8a74faa8c8f42164f77f9193d47b9bad05
                                                            • Opcode Fuzzy Hash: a79e0c227c32cb9ed1c1fa375cf99e5796a56fbcc9d78f2964bacfe2d0888d7f
                                                            • Instruction Fuzzy Hash: 6A317E34E102099BCF59CF69D895AAEBBF2BF89300F108919E916E7351DB71ED42CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a05adfc1756d1337337a5465dfaed68de7db8db8b4168aa01a194ed77b3bd4d1
                                                            • Instruction ID: 3ea18195aced79c5656bae0c4bde9bbce95a7efadc5663c56108c109c5a534a3
                                                            • Opcode Fuzzy Hash: a05adfc1756d1337337a5465dfaed68de7db8db8b4168aa01a194ed77b3bd4d1
                                                            • Instruction Fuzzy Hash: 27215A75E012199FDB40DF6AD890AEEBBF1BB48310F108465E905E7350E731D841CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 22807c5eee0d5b60530387aac317f4a6edd19ecce288427a5c3b2e6e3cf24584
                                                            • Instruction ID: e7490ba2801e9d22a04aa94c91fc9dd4de4fc95a68ff88412cd5c726ef8e7970
                                                            • Opcode Fuzzy Hash: 22807c5eee0d5b60530387aac317f4a6edd19ecce288427a5c3b2e6e3cf24584
                                                            • Instruction Fuzzy Hash: EE217775E002099FDB01DFB9D894AAEBBB1BB88310F00846AF904EB394E730D851CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6afdbe1d39df18cdcb72d83579ffcdf6c63635ef62ebf2be6b432588b7e1ab44
                                                            • Instruction ID: 1eb6acd2cda96d2e1e563d822cf228ba5bfb6e6a30888b20ade63b6993850f4e
                                                            • Opcode Fuzzy Hash: 6afdbe1d39df18cdcb72d83579ffcdf6c63635ef62ebf2be6b432588b7e1ab44
                                                            • Instruction Fuzzy Hash: 6E218171B102145FDB61DA7ED85176E77E6FB89320F10883AF90ADB350EB25DC428B81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3584d0dc2c3083f92fa3a858a78f8a27e29ba54a524b1dfe009e334d67fd5dea
                                                            • Instruction ID: fc3c4f5154870ef27d747dd6f74b242459bd05fefda4791ecfff67404572c0ac
                                                            • Opcode Fuzzy Hash: 3584d0dc2c3083f92fa3a858a78f8a27e29ba54a524b1dfe009e334d67fd5dea
                                                            • Instruction Fuzzy Hash: B321D130B101089FCF58DB69E964AAEBBB3EB84350F248439E905EB341DB319C518BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1372123399.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            • Snapshot File: hcaresult_9_2_fed000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1372123399.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_fed000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1382938975.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_6760000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:11.6%
                                                            Dynamic/Decrypted Code Coverage:99.2%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:367
                                                            Total number of Limit Nodes:13
WriteProcessMemory 45603->45605 45606 2d279da WriteProcessMemory 45603->45606 45604 2d2ab1d 45604->45492 45605->45604 45606->45604 45608 2d27960 VirtualAllocEx 45607->45608 45610 2d2799d 45608->45610 45610->45544 45612 2d27960 VirtualAllocEx 45611->45612 45614 2d2799d 45612->45614 45614->45544 45616 2d27455 Wow64SetThreadContext 45615->45616 45618 2d2749d 45616->45618 45618->45549 45620 2d27455 Wow64SetThreadContext 45619->45620 45622 2d2749d 45620->45622 45622->45549 45624 2d2b795 45623->45624 45633 2d27360 45624->45633 45637 2d2735a 45624->45637 45625 2d2b7a8 45625->45554 45629 2d2b795 45628->45629 45631 2d27360 ResumeThread 45629->45631 45632 2d2735a ResumeThread 45629->45632 45630 2d2b7a8 45630->45554 45631->45630 45632->45630 45634 2d273a0 ResumeThread 45633->45634 45636 2d273d1 45634->45636 45636->45625 45638 2d27360 ResumeThread 45637->45638 45640 2d273d1 45638->45640 45640->45625 45642 2d27a28 WriteProcessMemory 45641->45642 45644 2d27a7f 45642->45644 45644->45559 45646 2d279e0 WriteProcessMemory 45645->45646 45648 2d27a7f 45646->45648 45648->45559 45650 2d27cf1 45649->45650 45650->45650 45651 2d27e56 CreateProcessA 45650->45651 45652 2d27eb3 45651->45652 45652->45652 45654 2d27c68 CreateProcessA 45653->45654 45656 2d27eb3 45654->45656 45656->45656 45658 2d27b1b ReadProcessMemory 45657->45658 45660 2d27b5f 45658->45660 45660->45581 45662 2d27ad0 ReadProcessMemory 45661->45662 45664 2d27b5f 45662->45664 45664->45581 45311 51cb210 45312 51cb21f 45311->45312 45314 51cb2f9 45311->45314 45315 51cb302 45314->45315 45316 51cb2b2 45314->45316 45317 51cb33c 45315->45317 45323 51cb5a0 45315->45323 45327 51cb591 45315->45327 45316->45312 45317->45312 45318 51cb334 45318->45317 45319 51cb540 GetModuleHandleW 45318->45319 45320 51cb56d 45319->45320 45320->45312 45324 51cb5b4 45323->45324 45326 51cb5d9 45324->45326 45331 51ca690 45324->45331 45326->45318 45328 51cb5b4 45327->45328 45329 51ca690 LoadLibraryExW 45328->45329 45330 51cb5d9 45328->45330 45329->45330 
45330->45318 45332 51cb760 LoadLibraryExW 45331->45332 45334 51cb7d9 45332->45334 45334->45326 45362 51c7832 45363 51c78b9 45362->45363 45365 51c783a 45362->45365 45364 51c78ba 45363->45364 45367 51c7384 2 API calls 45363->45367 45374 51c78f7 45363->45374 45378 51c7906 45363->45378 45370 51c7384 45365->45370 45367->45364 45371 51c738f 45370->45371 45372 51c73b4 2 API calls 45371->45372 45373 51c79ad 45372->45373 45373->45364 45375 51c78fb 45374->45375 45375->45364 45376 51c73b4 2 API calls 45375->45376 45377 51c79ad 45376->45377 45377->45364 45379 51c791f 45378->45379 45380 51c73b4 2 API calls 45379->45380 45381 51c79ad 45380->45381 45381->45364 45477 2d2b808 45478 2d2b993 45477->45478 45480 2d2b82e 45477->45480 45480->45478 45481 2d28eb4 45480->45481 45482 2d2ba88 PostMessageW 45481->45482 45483 2d2baf4 45482->45483 45483->45480 45335 51cd580 45336 51cd5c6 45335->45336 45337 51cd6b3 45336->45337 45340 51cdb58 45336->45340 45343 51cdb68 45336->45343 45346 51cd7bc 45340->45346 45344 51cdb96 45343->45344 45345 51cd7bc DuplicateHandle 45343->45345 45344->45337 45345->45344 45347 51cdbd0 DuplicateHandle 45346->45347 45348 51cdb96 45347->45348 45348->45337 45665 51c49e0 45666 51c49e9 45665->45666 45667 51c49ef 45666->45667 45671 51c4ad8 45666->45671 45676 51c4434 45667->45676 45669 51c4a0a 45672 51c4afd 45671->45672 45680 51c4ff0 45672->45680 45684 51c4fe1 45672->45684 45677 51c443f 45676->45677 45692 51c7304 45677->45692 45679 51c773d 45679->45669 45682 51c5017 45680->45682 45681 51c50f4 45681->45681 45682->45681 45688 51c4c5c 45682->45688 45685 51c4fef 45684->45685 45686 51c50f4 45685->45686 45687 51c4c5c CreateActCtxA 45685->45687 45687->45686 45689 51c6080 CreateActCtxA 45688->45689 45691 51c6143 45689->45691 45693 51c730f 45692->45693 45696 51c7354 45693->45696 45695 51c77dd 45695->45679 45697 51c735f 45696->45697 45698 51c7384 2 API calls 45697->45698 45699 51c78ba 45698->45699 45699->45695 45349 52f7131 45354 52f713b 45349->45354 45350 52f7d3a 45352 52f7d72 
45350->45352 45353 52f7d43 45350->45353 45351 52f7d6a 45360 51c8868 2 API calls 45351->45360 45361 51c73b4 2 API calls 45351->45361 45355 52f7d73 45352->45355 45356 51c8868 2 API calls 45352->45356 45357 51c73b4 2 API calls 45352->45357 45353->45355 45358 51c8868 2 API calls 45353->45358 45359 51c73b4 2 API calls 45353->45359 45354->45350 45354->45351 45354->45353 45356->45355 45357->45355 45358->45355 45359->45355 45360->45352 45361->45352 45700 52f7050 45701 52f705a 45700->45701 45702 52f6bc0 2 API calls 45701->45702 45703 52f7063 45702->45703 45704 52f6fd0 45703->45704 45707 52f7cb9 45703->45707 45718 52f6bc0 45704->45718 45705 52f7d6a 45712 51c8868 2 API calls 45705->45712 45713 51c73b4 2 API calls 45705->45713 45706 52f7d72 45711 52f7d73 45706->45711 45716 51c8868 2 API calls 45706->45716 45717 51c73b4 2 API calls 45706->45717 45707->45705 45708 52f7d43 45707->45708 45709 52f7d3a 45707->45709 45708->45711 45714 51c8868 2 API calls 45708->45714 45715 51c73b4 2 API calls 45708->45715 45709->45706 45709->45708 45712->45706 45713->45706 45714->45711 45715->45711 45716->45711 45717->45711 45719 52f6bcb 45718->45719 45721 51c8868 2 API calls 45719->45721 45722 51c73b4 2 API calls 45719->45722 45720 52f7d73 45720->45704 45721->45720 45722->45720

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7Z/t$RWIK$[[bb
                                                            • API String ID: 0-1157992699
                                                            • Opcode ID: 8fa6c9047fdd19139ee50dde83eca725b4904f0227fd6ccbb5c27c79d3a05689
                                                            • Instruction ID: f183259df1f769d6a972d233f2434ccc789476ec8d56415b3ea1b49393ea7875
                                                            • Opcode Fuzzy Hash: 8fa6c9047fdd19139ee50dde83eca725b4904f0227fd6ccbb5c27c79d3a05689
                                                            • Instruction Fuzzy Hash: DA512970E0421ACFCB08DFAAC5815AEFFF2EF89311F15D46AE519A7254D7348A428F94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7Z/t$RWIK$[[bb
                                                            • API String ID: 0-1157992699
                                                            • Opcode ID: 81c7821dba02c725985c18fab4916eb37fc633c495eba2b879053c04737d8f08
                                                            • Instruction ID: d07f9deb65fc55b806ce2c317f6b55035db3e18bc62f8b5e74b04e49cd8ea9a0
                                                            • Opcode Fuzzy Hash: 81c7821dba02c725985c18fab4916eb37fc633c495eba2b879053c04737d8f08
                                                            • Instruction Fuzzy Hash: 41511870E0421ACFCB08DFAAC5805AEFBF2FF88301F15D42AD51AA7254D7349A418F94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: tIh
                                                            • API String ID: 0-443931868
                                                            • Opcode ID: 6092cc38d5352c69c8303f847583a76b7a2029e1f438deaa7f4f3061cc29afd3
                                                            • Instruction ID: 7891034c836bb9b95071873001439efed8307a4184f72d3b12e3467508244584
                                                            • Opcode Fuzzy Hash: 6092cc38d5352c69c8303f847583a76b7a2029e1f438deaa7f4f3061cc29afd3
                                                            • Instruction Fuzzy Hash: 8BE1687491420ADFDB45EFA5C4808AEFBB2FFD9301B58C856D411AB254CB34EA86CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: tIh
                                                            • API String ID: 0-443931868
                                                            • Opcode ID: f969e9f9380200f6c466048d2873b2ebb80a4b9ecb12fd52a36f31801c7317a4
                                                            • Instruction ID: 0bea3a1578313b32327bd33ddc331ab64158e9e884bc995ccc2eff7e5581fae3
                                                            • Opcode Fuzzy Hash: f969e9f9380200f6c466048d2873b2ebb80a4b9ecb12fd52a36f31801c7317a4
                                                            • Instruction Fuzzy Hash: 4FD137B0E1520ADFCB45DF99C4848AEFBB2FF99301B14D919D411AB254D734EA42CF94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: )"
                                                            • API String ID: 0-4237191880
                                                            • Opcode ID: f27ca94d9a71d39fb6846399b5b1bb2127ceab0fc0e5ef1faef3aa27a3c47139
                                                            • Instruction ID: e5af857c2acdd9fe1aca26a0ded774d3abfc4911a7015fe2b2d1044a30ca9f5f
                                                            • Opcode Fuzzy Hash: f27ca94d9a71d39fb6846399b5b1bb2127ceab0fc0e5ef1faef3aa27a3c47139
                                                            • Instruction Fuzzy Hash: 68A10474E00248CFDB04DFEAD88469DBBB2FF88301F24952AD825BB354DB759946CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: )"
                                                            • API String ID: 0-4237191880
                                                            • Opcode ID: bbc924ea242b8e5abd6b2ce6eb4290ed202a102f18da4670a5e78459dbac1fd1
                                                            • Instruction ID: 6d0a6230a747e4289227489fe52c95bb82b8090ffaaad434b6321114cbf13dc4
                                                            • Opcode Fuzzy Hash: bbc924ea242b8e5abd6b2ce6eb4290ed202a102f18da4670a5e78459dbac1fd1
                                                            • Instruction Fuzzy Hash: B881D174E002098FDB08CFAAD984AAEFBB2FF88301F24952AD415BB354D7749946CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: V
                                                            • API String ID: 0-1342839628
                                                            • Opcode ID: bc0ceb671db33bd0c8f9f460df4d9cf7cf07920b2580d2ed26ec09d4b4b9fc09
                                                            • Instruction ID: 9dd9e09b093e0f7db67c9646adbe4f78718845c2166d7c00c1989c6edca8ebd6
                                                            • Opcode Fuzzy Hash: bc0ceb671db33bd0c8f9f460df4d9cf7cf07920b2580d2ed26ec09d4b4b9fc09
                                                            • Instruction Fuzzy Hash: B4810374E05219DFCF04DFA9C9809AEFBB1FB88301F14995AD811A7354D7389A52CFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: O};5
                                                            • API String ID: 0-3558557551
                                                            • Opcode ID: b704e79e8f8464f5e17e416e805dbf24c23f1612fa434ba986c083b6b6124623
                                                            • Instruction ID: 1e1d118a45b833216d52008441824a76854fad310fb9f6f9dcf8cc36e35726aa
                                                            • Opcode Fuzzy Hash: b704e79e8f8464f5e17e416e805dbf24c23f1612fa434ba986c083b6b6124623
                                                            • Instruction Fuzzy Hash: 36718A70E1420ADFCB44CF95D9859AEFFB2FF89301F2498AAD815AB354D7309A51CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e2c02e00b09b33b5408b75aeadab8b21c02f70070682903dc22dce49f0ba4919
                                                            • Instruction ID: 6f6819f0c2d81131cc45082dbb94cf2f188d117eb885d73c1a2518c5a2b5475a
                                                            • Opcode Fuzzy Hash: e2c02e00b09b33b5408b75aeadab8b21c02f70070682903dc22dce49f0ba4919
                                                            • Instruction Fuzzy Hash: 1B913674D05208EFCB08DFE5D58099DFBB6FB89301F24A82AE42ABB224D7309945CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7c6b2d9e486747d6732ab2be3c07beb8f799390e9da49c26bc24b44d752eeb60
                                                            • Instruction ID: 841fefdb873466659b5eff88ae0d8ea6920a9c60201e80d3248a23db90db317a
                                                            • Opcode Fuzzy Hash: 7c6b2d9e486747d6732ab2be3c07beb8f799390e9da49c26bc24b44d752eeb60
                                                            • Instruction Fuzzy Hash: 0A912674E15209EFCB08DFE9D58099DFBB2BB89301F24A82AE416BB224D7349945CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: df5a4b4484b2dc1922b2058b51af6933bd101dadc895eb82678ea5f6f74907dd
                                                            • Instruction ID: cf6dcfc22d4540bb382358b4c705893c0cf1f96bba8832c48380413d91d80bec
                                                            • Opcode Fuzzy Hash: df5a4b4484b2dc1922b2058b51af6933bd101dadc895eb82678ea5f6f74907dd
                                                            • Instruction Fuzzy Hash: B481FF74E05219DFCF04DFA9C9809AEFBB1FB89201F14995AD821B7354D7349A42CFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 478a843e6080fea0b1c7bf7cc69da1897550c276e9624a582aa4fe2cff11746f
                                                            • Instruction ID: 768b09c885484a8430a54c2410b1caf937004d2d1917ad48e8b98c98caf314ed
                                                            • Opcode Fuzzy Hash: 478a843e6080fea0b1c7bf7cc69da1897550c276e9624a582aa4fe2cff11746f
                                                            • Instruction Fuzzy Hash: 7921E9B1E006188BEB18CF9BD9402DEFBF7EFC9311F14C16AD509A6258DB705A46CE90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f82d1195564de64cc39671b71e1dc6f29f7255109099cac9b67ca5b111ba68db
                                                            • Instruction ID: 897d5b8ff964b0d1c9e9dbf5820b2044fd213705e1e52921ce638282b19d5398
                                                            • Opcode Fuzzy Hash: f82d1195564de64cc39671b71e1dc6f29f7255109099cac9b67ca5b111ba68db
                                                            • Instruction Fuzzy Hash: CF21ECB1E006588BEB19CFABC9442DEBFF7AFC9310F18C17A9409A6258DB745945CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$ fq$ fq
                                                            • API String ID: 0-2888945447
                                                            • Opcode ID: 0db87224df6c067ad86993a03a065657181a425d846be143e1caca85fc9ddac3
                                                            • Instruction ID: 52a7dee428b0c005efacb41c13c3bbef10e7cf8327f3483a415455d981a1ca1a
                                                            • Opcode Fuzzy Hash: 0db87224df6c067ad86993a03a065657181a425d846be143e1caca85fc9ddac3
                                                            • Instruction Fuzzy Hash: 98F1D731A04258DFDB14ABE4D8907ADB7B5FF84302F55885AE413AB385DB349C86CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 3H5$3H5
                                                            • API String ID: 0-2752242361
                                                            • Opcode ID: 0dc0799965615d48cb82af92d5215536807f6f30b87fe1c3630f6e31f46ddac0
                                                            • Instruction ID: 785268e55195056f2c1d9f54adcd3db2beaee09064eeef246eb9f17bac433174
                                                            • Opcode Fuzzy Hash: 0dc0799965615d48cb82af92d5215536807f6f30b87fe1c3630f6e31f46ddac0
                                                            • Instruction Fuzzy Hash: 142139B0E10209EFCB44DFA9C580AAEFBF1FF99300F14C56AC549A7250E7309A45CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D27E9E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID:
                                                            • API String ID: 963392458-0
                                                            • Opcode ID: 3781eca814e6ab5dc2981cd60f5195843b29a20f4991da3b0a82fd1869be2b28
                                                            • Instruction ID: 1e875f0587e5e5f32148c3f6a62ace188b4c8014af1cb7246796f8a9f029fbbd
                                                            • Opcode Fuzzy Hash: 3781eca814e6ab5dc2981cd60f5195843b29a20f4991da3b0a82fd1869be2b28
                                                            • Instruction Fuzzy Hash: 1CA14A71D00669CFEB20CF69C841BEDBBB2FB58318F1485A9D809A7380DB759985CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02D27E9E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID:
                                                            • API String ID: 963392458-0
                                                            • Opcode ID: 868d71ec7e1a0fca2a9b491e129e127160b144d381822a6bf107eb992a14c7fc
                                                            • Instruction ID: b86316329dc908fed8ad47562e0dc3cfd4938b193a285c481421652d83ab429f
                                                            • Opcode Fuzzy Hash: 868d71ec7e1a0fca2a9b491e129e127160b144d381822a6bf107eb992a14c7fc
                                                            • Instruction Fuzzy Hash: 7C914B71D00669CFEB20CF69C8417EDBBB2FB58318F1485A9D809A7380DB759985CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 051CB55E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 8a504fbf44318bdae86ebe33cfa13022a1599481cf351b76ae9b337c495e595d
                                                            • Instruction ID: 46c94c0716b105cb2a16056c65bdedf83c0be10ddd6f6d979695e8fe0cf02675
                                                            • Opcode Fuzzy Hash: 8a504fbf44318bdae86ebe33cfa13022a1599481cf351b76ae9b337c495e595d
                                                            • Instruction Fuzzy Hash: E7918970A04B048FE725CF69D046B5ABBF2FF48304F048A6DD086D7A50DB79E945CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 052F1EE2
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1399107864.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_52f0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: c530d1cc44e4e1aa9b13d2ce8210d2a0093097f5bf178c25fea3630a3bd06e11
                                                            • Instruction ID: 35aec2cf9994036fa94e68ce82dbf0f18ad194398f9f30ba2faa04f1d408cbb7
                                                            • Opcode Fuzzy Hash: c530d1cc44e4e1aa9b13d2ce8210d2a0093097f5bf178c25fea3630a3bd06e11
                                                            • Instruction Fuzzy Hash: 7B51DFB1D10349DFDB14CF99D884ADEFBB5BF48310F64812AE919AB210D7719845CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 052F1EE2
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1399107864.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_52f0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: 43cd2addd27c72711f84db4facb0b60021267210fe2799e014de31eda7ca5ec4
                                                            • Instruction ID: 7b58bb37cd6f4cd3b0a33589883c0a2cfa852ad9758bcbcbf6ceefa3b2e6b037
                                                            • Opcode Fuzzy Hash: 43cd2addd27c72711f84db4facb0b60021267210fe2799e014de31eda7ca5ec4
                                                            • Instruction Fuzzy Hash: 4841D0B1D10349DFDB14CF9AD884ADEFBB5BF48310F64822AE819AB210D775A845CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 051C6131
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: ba0488bba5b198a174f3b5f863aa9ff769d6429beec968f1c8aefce5412af553
                                                            • Instruction ID: 7796d7af571248e4ec888a4c9091305803aa6f5243dfc60fc0ad86cb19851b69
                                                            • Opcode Fuzzy Hash: ba0488bba5b198a174f3b5f863aa9ff769d6429beec968f1c8aefce5412af553
                                                            • Instruction Fuzzy Hash: 1641E470C00718CFEB24CFA9C884B9DBBF5BF88304F20806AD409AB251D7B96946CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 051C6131
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: 2cd939cb8379687fea132ce9976cb637191de1928df4ae1222b74d70bb1ed477
                                                            • Instruction ID: 74c249b8c87f46db3faa6bb445b5790e61a7222817d3a5a8bd8fe336dc4f740d
                                                            • Opcode Fuzzy Hash: 2cd939cb8379687fea132ce9976cb637191de1928df4ae1222b74d70bb1ed477
                                                            • Instruction Fuzzy Hash: 9141C4B0C00719CFEB24DFA9C8847DDBBB5BF84305F20805AD509AB255D7B56946CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 052F45E1
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1399107864.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_52f0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            • Opcode ID: 5f1e6f282495abd933bc768c55145c8abe5be2af7431c70f610a67d7cb017141
                                                            • Instruction ID: 9c6e5b811b6e4bdf94de4cac27552dc7a222d816b46a3a26c5c3902c693c9de2
                                                            • Opcode Fuzzy Hash: 5f1e6f282495abd933bc768c55145c8abe5be2af7431c70f610a67d7cb017141
                                                            • Instruction Fuzzy Hash: AE4147B4910309DFDB14DF89D488AAAFBF6FF88314F248459D519AB321D3B5A841CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02D27A70
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            • Opcode ID: 06587c36115ab67d3dbfc921b7d33025f42b30349e38132e10db8b3642f7588c
                                                            • Instruction ID: 5f1d697a1d461d7ea40d10f04b3b11ab2dd1bf4b85e2edc1b177959508b8c7b9
                                                            • Opcode Fuzzy Hash: 06587c36115ab67d3dbfc921b7d33025f42b30349e38132e10db8b3642f7588c
                                                            • Instruction Fuzzy Hash: 00215571D003599FDB20CFAAC880BDEBBF1FF48324F14842AE919A7241C7789945CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            [Control-flow graph: blocks 2d279e0-2d27ab6, containing the WriteProcessMemory call]
                                                            APIs
                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02D27A70
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D27B50
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessRead
                                                            • String ID:
                                                            • API String ID: 1726664587-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02D2748E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID:
                                                            • API String ID: 983334009-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,051CDB96,?,?,?,?,?), ref: 051CDC57
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02D27B50
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessRead
                                                            • String ID:
                                                            • API String ID: 1726664587-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02D2748E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID:
                                                            • API String ID: 983334009-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,051CDB96,?,?,?,?,?), ref: 051CDC57
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,051CB5D9,00000800,00000000,00000000), ref: 051CB7CA
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,051CB5D9,00000800,00000000,00000000), ref: 051CB7CA
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02D2798E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02D2798E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 051CB55E
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1397893462.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_51c0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 02D2BAE5
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 02D2BAE5
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1391547817.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_2d20000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: O};5
                                                            • API String ID: 0-3558557551
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: O};5
                                                            • API String ID: 0-3558557551
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: H+R
                                                            • API String ID: 0-1892171737
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: H+R
                                                            • API String ID: 0-1892171737
                                                            • Opcode ID: 16634f7dfd387160ab6735d5d2c582fe2006c49b4e99ba66b23dee3d48092fc1
                                                            • Instruction ID: fa931030943aa803f7e1342e2d14f0d234e1407f17bfd3138eda4081ed61781c
                                                            • Opcode Fuzzy Hash: 16634f7dfd387160ab6735d5d2c582fe2006c49b4e99ba66b23dee3d48092fc1
                                                            • Instruction Fuzzy Hash: 3731D2B4E04209DFCB84DFA9C5819AEBBF2EB88301F51C56AD819A7315D774AA41CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 3H5
                                                            • API String ID: 0-3899204960
                                                            • Opcode ID: 354f6baf1bb502d635a2cf31e2367461e8ae76743563ea165ffce2561662768e
                                                            • Instruction ID: b18e6086365f3af9112cc5525eebdf5b5b37608494a473203c9dcfc1359363e6
                                                            • Opcode Fuzzy Hash: 354f6baf1bb502d635a2cf31e2367461e8ae76743563ea165ffce2561662768e
                                                            • Instruction Fuzzy Hash: F7218E70A1464ADFCB05DFA9C5809AEFFF1EF9A300F28C5AAD544AB351D7309A45CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CUB
                                                            • API String ID: 0-3531825958
                                                            • Opcode ID: eb75fa6e2f61970cc0091652601b02e498586d4d12fe635357599fd2ba6dcba7
                                                            • Instruction ID: e919d2faf4392e7eac89a42c381ddadaffa855bcbdf0ffbc8ea5621ff32959e2
                                                            • Opcode Fuzzy Hash: eb75fa6e2f61970cc0091652601b02e498586d4d12fe635357599fd2ba6dcba7
                                                            • Instruction Fuzzy Hash: D7D012361101089F5B40FAA5F841DA27BDCBFA47003008422F508C7520E621F535E791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4b62ff544a26a9ea881c5c6c82cef6f5df0df3224ac16fa8bf6c414916de9439
                                                            • Instruction ID: f7bdff8423a441f66605651e7d43a23065095feb600ac29661f28fb0c0b18b58
                                                            • Opcode Fuzzy Hash: 4b62ff544a26a9ea881c5c6c82cef6f5df0df3224ac16fa8bf6c414916de9439
                                                            • Instruction Fuzzy Hash: 44F18430F00608DFEB14ABA9C8597AD7BF6BB84706F108429E542AB385EE75DC41CBD5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d8bf85313b0968cca83a571a3ae7b47bd6f1e02bb7b509adab570b80bae223d1
                                                            • Instruction ID: 8c03ea233916dc55a44049f863160316a4227050344e99a9fa1002674f625ca7
                                                            • Opcode Fuzzy Hash: d8bf85313b0968cca83a571a3ae7b47bd6f1e02bb7b509adab570b80bae223d1
                                                            • Instruction Fuzzy Hash: 3BE19034B00604DFEB14AB69C8597AD7BF6BB84706F108429F902EB385DEB59C41CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7759ea8ecef5b725d9f4dd128bf03ef90175d25ade6a7088195ef60372162704
                                                            • Instruction ID: cbb1f9b6316ce1491d42fa0a2103962d0ce811f868c7ebea36811bd90700739f
                                                            • Opcode Fuzzy Hash: 7759ea8ecef5b725d9f4dd128bf03ef90175d25ade6a7088195ef60372162704
                                                            • Instruction Fuzzy Hash: C4B13674E04255CFEB04EBA9D8447BEBBB1BF45306F1481AAE1A99B7C1CB348941CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c3375ddf025a728448d1c99c0599e46d044bbd48bc6ded125fe3ce2d4cbf52df
                                                            • Instruction ID: 94ab432009e09ae45f26a2fac1ad9a27813f4a9145e785f3735d081481b5a498
                                                            • Opcode Fuzzy Hash: c3375ddf025a728448d1c99c0599e46d044bbd48bc6ded125fe3ce2d4cbf52df
                                                            • Instruction Fuzzy Hash: EAA1E230E04254CFCB10DFA4C8847AABBF1BF45306F5988AAD4639B362D734D985CB92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 95b2f65fd80e825861780a905a215b08113deca0bfadcb7943c4e3e60ab07ccd
                                                            • Instruction ID: fff9ef3c26e195caf98165e2cd63ece39dc1e5b1bbee51fa7af620fd4d954f0a
                                                            • Opcode Fuzzy Hash: 95b2f65fd80e825861780a905a215b08113deca0bfadcb7943c4e3e60ab07ccd
                                                            • Instruction Fuzzy Hash: 2981B030B00608DFEB14AB65D859BAD7AB6BFC5716F108429E902BB380DFB59C41CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7884f667dea5d5beaf8355c9cd2ba7b8ce3c332e1c5c9b54968f8cc3b1269f68
                                                            • Instruction ID: 3f3610744bdf798b92f3c0e3d6944a58142320bc91dc346bbf036a7fc5a50479
                                                            • Opcode Fuzzy Hash: 7884f667dea5d5beaf8355c9cd2ba7b8ce3c332e1c5c9b54968f8cc3b1269f68
                                                            • Instruction Fuzzy Hash: 1E61F734A14255CFD714AB29C80477E7BB6FF85316F5885BAE12ACB282C735D841CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 02bc459a31c575301f3b5b80f54410112abdf4002602e8e36b7e132223d81176
                                                            • Instruction ID: 30f7b2a411b92419e5a489ade58328fb57f3058555b5c9328e33fd4212d3f1ce
                                                            • Opcode Fuzzy Hash: 02bc459a31c575301f3b5b80f54410112abdf4002602e8e36b7e132223d81176
                                                            • Instruction Fuzzy Hash: EF61A430B00708DFEB14AB65C8197AD7AB6BB89756F108429F902AB394DE759C41CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0fe701ccdb8e7ec26014fe65eafaf3dd6b308f93b22b0b97f358a70ec530dec6
                                                            • Instruction ID: d3840674db8f6405dcde417bd575c1fb3a7b9d076f91639be35c9f710ed1a72d
                                                            • Opcode Fuzzy Hash: 0fe701ccdb8e7ec26014fe65eafaf3dd6b308f93b22b0b97f358a70ec530dec6
                                                            • Instruction Fuzzy Hash: 4C613B35A00609DFCB14EFA9C494A9DBBF1FF88325F208159E909AB360DB71ED45CB80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 88979af9b7e89dc9593997e8a49bae2aeaacb4ff7f7bc50574e655a0fedfba92
                                                            • Instruction ID: 4d0cfe2d547543c6ed29573f89a2d5abbc2822c5e57da4603ae056157a4a2df0
                                                            • Opcode Fuzzy Hash: 88979af9b7e89dc9593997e8a49bae2aeaacb4ff7f7bc50574e655a0fedfba92
                                                            • Instruction Fuzzy Hash: 37615E75A00609CFCB14EFA8C454A9DBBF1FF88315F208559E909AB360DB70AD85CB80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9fdac943ad29e77fced7eca6e695857305092fa40636290358d8e7b4100ee850
                                                            • Instruction ID: 3feb31faae112bce3bb6bef0f8f5b54be7eec8727df2ab753fc2971198e5e272
                                                            • Opcode Fuzzy Hash: 9fdac943ad29e77fced7eca6e695857305092fa40636290358d8e7b4100ee850
                                                            • Instruction Fuzzy Hash: 2C51BF30B002058FDB15EB78885896EBBFAEFC4321B15856AE429DB391EF30DD058791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dcaf37e121c28b21aede224a9d421e9078e037c6ea49898213f7524ebfc5d514
                                                            • Instruction ID: 3d48a581cb8f40a47e98ac4a093e2eb4a5ef7911da8a4f4ab3ad70c3efed21b5
                                                            • Opcode Fuzzy Hash: dcaf37e121c28b21aede224a9d421e9078e037c6ea49898213f7524ebfc5d514
                                                            • Instruction Fuzzy Hash: 6D415A32A14B14DFDB10AB68D8157BEBBB1FB45312F04896AE476DB281D734A940CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0483eec1bfa1b4918c543dbbcfe63a2e6bc385ab63e8ecd9847904b31c030e81
                                                            • Instruction ID: ecad1f434633111533da1236b40d08760e84f8dce359d0e764ed3a479c1c8df4
                                                            • Opcode Fuzzy Hash: 0483eec1bfa1b4918c543dbbcfe63a2e6bc385ab63e8ecd9847904b31c030e81
                                                            • Instruction Fuzzy Hash: E751F474904609DBDB05DF78C8403ADBBB1FF4531AF04896BE816AF391D7349942CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 444a0051516e69947d0af8d21dea212a2dc2d6205c54a4ecfed7224bee21afa7
                                                            • Instruction ID: 332a31ab189af7a2b45df2f46a7f25a4e1be6badc37cb6e6e816b1f8924dcb12
                                                            • Opcode Fuzzy Hash: 444a0051516e69947d0af8d21dea212a2dc2d6205c54a4ecfed7224bee21afa7
                                                            • Instruction Fuzzy Hash: 8F51C034A04245CFDB00DBA8C454ABDBBB5EF4430AF4584AAFA16EF291DB78D845CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f7530de4630c23b571dc8727d91dc0c57aca58dd715b121c350e0a329869f6aa
                                                            • Instruction ID: 28e8495651879ef658e1ed08f0fad4a2db618b45f3a1df3f92d73d5d9a42271e
                                                            • Opcode Fuzzy Hash: f7530de4630c23b571dc8727d91dc0c57aca58dd715b121c350e0a329869f6aa
                                                            • Instruction Fuzzy Hash: 3C419EB89197848FC316DB69D494948BFB0FF8A211F1A81DAD880CF3B3DA349945CB12
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b8e65cb67ee989472cd45753ceba1ef041e71e29027df5aa62fb47c2ab0aaefc
                                                            • Instruction ID: bc258ecf26394cfc51a1cfbce7b726a01e727f20e5bb01fe5ae273208910bea6
                                                            • Opcode Fuzzy Hash: b8e65cb67ee989472cd45753ceba1ef041e71e29027df5aa62fb47c2ab0aaefc
                                                            • Instruction Fuzzy Hash: 51410470A04255CFDB14BB68C854A7E7BF5EF85302F1588AAE201EB392DA35CD45CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 522bad07eafd61222f812379840feb3274175a209eb1b633726e17ef39c74e20
                                                            • Instruction ID: 7d7b4350ffa5ecc8a981ea3f3c12985cff4bd33fd9bcaf6511a2149807acffa4
                                                            • Opcode Fuzzy Hash: 522bad07eafd61222f812379840feb3274175a209eb1b633726e17ef39c74e20
                                                            • Instruction Fuzzy Hash: 8A417975E0020A9FDB04CFA9D8819AEBFB2FB89311F109529E915BB250D7709A51CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b3a28efa1d728bd394318c5491eaf559d24e57a077dcf9a80f74257cba7cee0f
                                                            • Instruction ID: 760771490619780e08f688be734bbf956d4bcda7c6d583cbcf21d2932ee190de
                                                            • Opcode Fuzzy Hash: b3a28efa1d728bd394318c5491eaf559d24e57a077dcf9a80f74257cba7cee0f
                                                            • Instruction Fuzzy Hash: 06112575A00614DFDB40ABA4E8067AD7BB1FB48312F00846AE916E7385EB705A40CFD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e115f21574ae9a6c173f79feeb2e131d1e0c9514fa886f3a092b133e7a3aa473
                                                            • Instruction ID: 5f87a4d36231ab2ac0fd8d569409d2ba0763ef11cc9fccc0bb7ebbb2f8b24899
                                                            • Opcode Fuzzy Hash: e115f21574ae9a6c173f79feeb2e131d1e0c9514fa886f3a092b133e7a3aa473
                                                            • Instruction Fuzzy Hash: EF01DF74B002199B8B14FA6D89848BFBBF9EFC4255B20883AE919D7300DB30DD0587E2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6d6e43a815dbba2ed3b93c1b08761bbe8fe8f7006b45cf4e3099ce1e7f5399b2
                                                            • Instruction ID: f717c65dda4ef520ad332ce093d715ad5e163f5597861dad4df08da8a9fcf543
                                                            • Opcode Fuzzy Hash: 6d6e43a815dbba2ed3b93c1b08761bbe8fe8f7006b45cf4e3099ce1e7f5399b2
                                                            • Instruction Fuzzy Hash: A7115E72D1074B9ACB01EFE9C8411EDFBB0FE99320B15865BD698B7101E730A6D5CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d84e4e7d02601848349a363717f448bc59a4d81bff4c2fcd8d3038fad9fb4b5b
                                                            • Instruction ID: 0f59dd347b6fed277060a401a7b15ae3ba69b766fc40c3986e5554a0f4737a39
                                                            • Opcode Fuzzy Hash: d84e4e7d02601848349a363717f448bc59a4d81bff4c2fcd8d3038fad9fb4b5b
                                                            • Instruction Fuzzy Hash: 1A11F771901209DFDB25DF9EC4887DEBFB5BB88325F24C169E818AB290C7708985CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1389500469.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_f4d000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 729e20ab82b873c6892cf811550bd953696dd51af7976a5b0abf2f5b9daa6775
                                                            • Instruction ID: e7e74a5d4c3f39bb332dc121440c1478490a919c9ea3e9d500e732b5d899d462
                                                            • Opcode Fuzzy Hash: 729e20ab82b873c6892cf811550bd953696dd51af7976a5b0abf2f5b9daa6775
                                                            • Instruction Fuzzy Hash: B401D6324047449FF7249F25CD88B66BFA8EF41374F18C55AED094A282D3799841DAB6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e986f6bf0a6b9f8feaec0212ff3d1747a307a05028fc2fb222100d39373790bb
                                                            • Instruction ID: ec9d3989f4f0d54fb824b7a2eeee6d2fe2dbbbd62dad0c0ccd44b3ef5b0da700
                                                            • Opcode Fuzzy Hash: e986f6bf0a6b9f8feaec0212ff3d1747a307a05028fc2fb222100d39373790bb
                                                            • Instruction Fuzzy Hash: 5C01D771901208DFDB14DF9EC48879EBEF5BB88365F25C169E828AB290C7748984CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 280682bc69acab5039a58252d0ca7d5da11e26c10a9fee56d6cc58c043d0524a
                                                            • Instruction ID: df6c73cc0ddf11f67ec3d463ac24b0e44f2635a6b5f1675ac7b9f2a752c91d5f
                                                            • Opcode Fuzzy Hash: 280682bc69acab5039a58252d0ca7d5da11e26c10a9fee56d6cc58c043d0524a
                                                            • Instruction Fuzzy Hash: 23014F75A002449FDB45DBB8C49499DBFF1EF4A320F15C1D9E8449B3A2CA31A941DF41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6a04f74d09785b75a6ac02e470f1c4f561100282a13a4967f6aae2f4fb017cc3
                                                            • Instruction ID: 2ef65078643cbd76aeb110f00456875754acc6b1de8ca4b5009f40432882e030
                                                            • Opcode Fuzzy Hash: 6a04f74d09785b75a6ac02e470f1c4f561100282a13a4967f6aae2f4fb017cc3
                                                            • Instruction Fuzzy Hash: F3F0E932604248AFDF05EF58EC4189E7FFAEF85225B0480BBE108DB321DA319941C791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1389500469.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_f4d000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 301c7cc224a802356e57f6e0a1d9242bbbc2834a0929afb8f3ce19b0f5c563af
                                                            • Instruction ID: 273c20048ea6e691845a9b4eccf8ae4694d1e8c872c3663ac0f74ecaa111cd1f
                                                            • Opcode Fuzzy Hash: 301c7cc224a802356e57f6e0a1d9242bbbc2834a0929afb8f3ce19b0f5c563af
                                                            • Instruction Fuzzy Hash: 0EF096714053449EE7248E15CCC8B66FFD8EB51774F18C45AED084F286C2799C45CBB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3f4aeb28fc44f0a22fec6a283ee867f033e5ec6cbce4703e1cf1828b0f283c2b
                                                            • Instruction ID: cf167f388979e57f5ca426af5676468d1f2e737ded6b48380fe015e380e3eee5
                                                            • Opcode Fuzzy Hash: 3f4aeb28fc44f0a22fec6a283ee867f033e5ec6cbce4703e1cf1828b0f283c2b
                                                            • Instruction Fuzzy Hash: 0601C975E00208AFDB04DFA9C585A9DBFF5EF48300F15C099E94897361DA30EA40CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 178851eb2e2472ed1fed7258b2e7a32484161c2f248e78ba8b645438c5fbb398
                                                            • Instruction ID: 2fa42ba08a893170ca65d7db4bd821643b38a6360984f29e7b182e6b84299a0b
                                                            • Opcode Fuzzy Hash: 178851eb2e2472ed1fed7258b2e7a32484161c2f248e78ba8b645438c5fbb398
                                                            • Instruction Fuzzy Hash: 07F0DAB0D0430A9FDB44DFA9C841AAEBBF4AB48314F1049A9D518E7700D77096408BD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7cb25638b979e59b53ec87503ae2dd8bae788160b7b423bb75f3a3ec057b45c4
                                                            • Instruction ID: f9129f4e1217e74e242bb11df796d6886aae596de88812fb461e801c409dc526
                                                            • Opcode Fuzzy Hash: 7cb25638b979e59b53ec87503ae2dd8bae788160b7b423bb75f3a3ec057b45c4
                                                            • Instruction Fuzzy Hash: 4AF06DB0A043869FDB14CFA8C441AAEBFF0AF89325F0045AEE510DB252D7709141CBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 446c9b0a75c3d1a6842008fee99d53a035a1b680d0af7691de57e0da913bd1a5
                                                            • Instruction ID: 1e0bd2479b41f87971af433a99e3939e8117ab7b5fe4398f862667e0e5eb2286
                                                            • Opcode Fuzzy Hash: 446c9b0a75c3d1a6842008fee99d53a035a1b680d0af7691de57e0da913bd1a5
                                                            • Instruction Fuzzy Hash: 86F0EDB1A442569FC700DF6CD4089AEBFB0AF4A236F2485BED195DB662CB310002CF80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 75af5c0d39c1dfe2a1d4b42fc4f77a004913948d5f91fb458044c97ef2ad1a9b
                                                            • Instruction ID: 954383b5dc42b483c7bc0e42068f340a0f1e2287f85c21bd1ec75e712ee7215c
                                                            • Opcode Fuzzy Hash: 75af5c0d39c1dfe2a1d4b42fc4f77a004913948d5f91fb458044c97ef2ad1a9b
                                                            • Instruction Fuzzy Hash: 1BE0E578A152598FDB50DF98C58089DBBB1FF89350F269095E415AB269D730EA80CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 42a633765d495cd779306f96dca8bcab4455777cfdce227e6525dba1b7343700
                                                            • Instruction ID: 2533ddaeaad940787ead27cb5cfafb54a60bbbfa0ffb10b7a64cf69147930c8d
                                                            • Opcode Fuzzy Hash: 42a633765d495cd779306f96dca8bcab4455777cfdce227e6525dba1b7343700
                                                            • Instruction Fuzzy Hash: DFE0C2205AA3C05FC3529B709D09796BF70EF03106B0808DBD88883452D7300490C7DA
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8a37da36d6ca202676a09ed0274c15ca90a5466b2cea8a6cfe3f861b43aa4ce1
                                                            • Instruction ID: 3959c2406b2b97fe049f4b2d3686a9ea50aae6362f3826526aad186a4f34c800
                                                            • Opcode Fuzzy Hash: 8a37da36d6ca202676a09ed0274c15ca90a5466b2cea8a6cfe3f861b43aa4ce1
                                                            • Instruction Fuzzy Hash: C0E04670616354CFC758EFA0C0818987F72FF88356B22189AE403ABA64CB35E881CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 089f1397e5a8c11a3cb8c1fd2d7874463e2ffeff45ac8aa8f79bc6029146211e
                                                            • Instruction ID: 3ff345561791f2c2b7420bcb20505d65a367920ec43704047b33ad1d9bed8627
                                                            • Opcode Fuzzy Hash: 089f1397e5a8c11a3cb8c1fd2d7874463e2ffeff45ac8aa8f79bc6029146211e
                                                            • Instruction Fuzzy Hash: 94E08C30611314CFCB94DFA0C445589BF70FF84341B1000A6E816DF668C7369981CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 235d8e40b73cecbb20bbf21c0eaf9db379120f2486f18882e4eda91816e828e7
                                                            • Instruction ID: 66df96896d72d0b260ce3c9d5227a03ec131071396b6ff467eb41726df6e4bff
                                                            • Opcode Fuzzy Hash: 235d8e40b73cecbb20bbf21c0eaf9db379120f2486f18882e4eda91816e828e7
                                                            • Instruction Fuzzy Hash: AAE01220218240CBDB119F54D4217253BB8BB85605F48409EE4438B2D1DB785601C756
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5b6b38fd3eeefc77d2823ce4239d89fb4d150f5280c063defcbb27f6de263a69
                                                            • Instruction ID: 482b3eeb00769874f7d8a7bdcb384529c6064d3a5bd0cdcef1241628a2a1f133
                                                            • Opcode Fuzzy Hash: 5b6b38fd3eeefc77d2823ce4239d89fb4d150f5280c063defcbb27f6de263a69
                                                            • Instruction Fuzzy Hash: 4DE0E5B0C6226CCFCB29DF65CA847DDBBB0AB18312F1408C9C18677254E6315AA4CF48
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c60813c788b061ec48d79d1a369b7955a15a17e348e5059f65f0c797c281a725
                                                            • Instruction ID: 00aef4aa0c8a09c6ef6a6a1edf3c21d86e6e468e2f799c578277bad9196cd4e2
                                                            • Opcode Fuzzy Hash: c60813c788b061ec48d79d1a369b7955a15a17e348e5059f65f0c797c281a725
                                                            • Instruction Fuzzy Hash: 24D01235009641AED3029751CCC1D58BF34FF0A30431585D2D5944A473D222A479D772
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1f77a220988ed21f0c92380784e435a77df50f89126a694dcd6ff6f5609a3508
                                                            • Instruction ID: a2c62e75c1ec0364495e789eeed3704db80dff8419930af7f82a60bdc964959d
                                                            • Opcode Fuzzy Hash: 1f77a220988ed21f0c92380784e435a77df50f89126a694dcd6ff6f5609a3508
                                                            • Instruction Fuzzy Hash: 96D012309121198BCB94DF24DC80B9CBBB6AB84200F10D595D40993224DB705A858F44
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 235075172d77c522e5082e29901d7a7e2ea07cc079f6545861226dc7720723cd
                                                            • Instruction ID: d23a5d55386d35ae6330eff5312897ba8235a550443548b8f3c02cfe029dacee
                                                            • Opcode Fuzzy Hash: 235075172d77c522e5082e29901d7a7e2ea07cc079f6545861226dc7720723cd
                                                            • Instruction Fuzzy Hash: 2BD022341043848FE342836068143553F38BB89200FD0019EE882433A2DD3C0141CF03
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000A.00000002.1401200465.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_10_2_89a0000_wpvgIECypA.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: T+-q$[V~*$[V~*$]\`
                                                            • API String ID: 0-1849991408
                                                            • Opcode ID: 82b405f4c6bf413a322e5df0db3f08b6bac7654f04cd04b8e837348869bb1f8a
                                                            • Instruction ID: e2f4abb457d33eb5302e97803327d12324d43ac5773e81a5b9902ca368381e8b
                                                            • Opcode Fuzzy Hash: 82b405f4c6bf413a322e5df0db3f08b6bac7654f04cd04b8e837348869bb1f8a
                                                            • Instruction Fuzzy Hash: 61B1F874E152199FCB04DFAAD98099EFBF2FF89300F14D92AD819BB254D730A9018F54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:11.1%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:201
                                                            Total number of Limit Nodes:20

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $
                                                            • API String ID: 0-3993045852
                                                            • Opcode ID: b37d1816c3391d4cf4f22781af9bea362074ca58f34353a6dd5bcc61b521a7f7
                                                            • Instruction ID: 5ef1de408f69b1dc5edf139c9a8bebb3c16c2ca625100bf7f570de0000517108
                                                            • Opcode Fuzzy Hash: b37d1816c3391d4cf4f22781af9bea362074ca58f34353a6dd5bcc61b521a7f7
                                                            • Instruction Fuzzy Hash: EB22B231F102288FDF64DB68C5806AEBBB2FF84324F248469D545AB385DA36DD45CBE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a513787bbeb3207014006d22b8ac68cd2d6868637d39d4f7c6574d563a8dddd
                                                            • Instruction ID: 4f4a4ecbf1f8172f50d66e1a6219065a6f1c7e42d286b6337fa8aa1e9981cfa7
                                                            • Opcode Fuzzy Hash: 2a513787bbeb3207014006d22b8ac68cd2d6868637d39d4f7c6574d563a8dddd
                                                            • Instruction Fuzzy Hash: FB922634E002248FDBA4DB68C584B9EB7F6EF44314F5484AAD409AB391DB35ED85CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 336c13eafb7ddad4eb5ce8e81532b662bceee637c0a119b406da34bc5a367987
                                                            • Instruction ID: f856fa6f43740905d8aa39e27eac241216dec455c58f6c193315779419e22bff
                                                            • Opcode Fuzzy Hash: 336c13eafb7ddad4eb5ce8e81532b662bceee637c0a119b406da34bc5a367987
                                                            • Instruction Fuzzy Hash: D162BD34F002148FDB64DB68D591BAEB7B2EF85310F248469E406EB390DB35ED45CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e94d3fb4887e7ffcf1642afcc056c67cb96e24bf9bbe8275edf192983164a078
                                                            • Instruction ID: 0c6c7e39b56b5b291724c705e5278d2db4abe14388df09c686d752aedee68582
                                                            • Opcode Fuzzy Hash: e94d3fb4887e7ffcf1642afcc056c67cb96e24bf9bbe8275edf192983164a078
                                                            • Instruction Fuzzy Hash: E632C030F102158FDB65DB68D990BAEB7B2FB88314F109529E415EB785DB34EC46CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b87619e54034bc193a849cb801740163e0327d4ba4f2d43c4f5ff52214c8b5ea
                                                            • Instruction ID: e8007e53e570d8eb2f9a29eb362c266dead646150a538e6118f8606e0200f6d9
                                                            • Opcode Fuzzy Hash: b87619e54034bc193a849cb801740163e0327d4ba4f2d43c4f5ff52214c8b5ea
                                                            • Instruction Fuzzy Hash: 11128E70E102198FEF66DB58C6807ADF7B2EB49310F248526E406EB7D5DA34DC858BB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab6da36e0d9d462b5897a443536ea36726cf009d2715c081322ada54565b7c60
                                                            • Instruction ID: 58776af2f0a835691470cd00ecd0a92e919b8d6f0521f54e7666cc40588fb567
                                                            • Opcode Fuzzy Hash: ab6da36e0d9d462b5897a443536ea36726cf009d2715c081322ada54565b7c60
                                                            • Instruction Fuzzy Hash: 47321E31E106198FDB14EF79C99069DB7B6FFC9300F50C6AAD40AA7254EB70A985CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c8738206550e22a8ac5a5e93aedcfe268f1ce34b7abfa23eff796096dd061950
                                                            • Instruction ID: da17f13b74c18f8f6c460a50b79942a1042bcb482eaf60a26e9e96e47d0e027a
                                                            • Opcode Fuzzy Hash: c8738206550e22a8ac5a5e93aedcfe268f1ce34b7abfa23eff796096dd061950
                                                            • Instruction Fuzzy Hash: CA026A30B002149FDB64EB68D990BAEB7B2FF84304F148529D405AB795DB35ED86CBE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$XPq$\Oq
                                                            • API String ID: 0-132346853
                                                            • Opcode ID: a20bafa3f02518f1ceb8286c09204711426e38c7ae7ee3afc69eecc7e71f0bac
                                                            • Instruction ID: 8108fc0a218b621d106dfcc04a6ef7ce195f498f2ff5350223169c8bfcc46f08
                                                            • Opcode Fuzzy Hash: a20bafa3f02518f1ceb8286c09204711426e38c7ae7ee3afc69eecc7e71f0bac
                                                            • Instruction Fuzzy Hash: 90616135F002189FEF549FA8C8157AEBAF6FF88340F208429E506AB395DE754D458BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: fq$XPq
                                                            • API String ID: 0-3167736908
                                                            • Opcode ID: 21d27f9f71359beac194d7eb16a5543799d89868ee797d149fc0b1cb13d4f3fa
                                                            • Instruction ID: d26b4067eab027ad8e284515be5c3e6bb79aaaa8d10c149d7c2a2ba233e6c103
                                                            • Opcode Fuzzy Hash: 21d27f9f71359beac194d7eb16a5543799d89868ee797d149fc0b1cb13d4f3fa
                                                            • Instruction Fuzzy Hash: 2F516235F002189FEB549FA5C8557AEBBF6FF8C340F208529E106AB395DE758C458BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 063D2B0A
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: 074664257ff639c9daf53b81bbf1b7b828d3f918affa69215046328e83bd692f
                                                            • Instruction ID: c545f1f4b383384e700932a4cdbc7a9bc092634176475f7a772ea486a4ff8e1b
                                                            • Opcode Fuzzy Hash: 074664257ff639c9daf53b81bbf1b7b828d3f918affa69215046328e83bd692f
                                                            • Instruction Fuzzy Hash: B151C0B1D003499FDB14CF9AD884ADEFBB5FF48310F24852AE818AB250D775A985CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1022 63d29f8-63d2a5e 1023 63d2a69-63d2a70 1022->1023 1024 63d2a60-63d2a66 1022->1024 1025 63d2a7b-63d2b1a CreateWindowExW 1023->1025 1026 63d2a72-63d2a78 1023->1026 1024->1023 1028 63d2b1c-63d2b22 1025->1028 1029 63d2b23-63d2b5b 1025->1029 1026->1025 1028->1029 1033 63d2b5d-63d2b60 1029->1033 1034 63d2b68 1029->1034 1033->1034 1035 63d2b69 1034->1035 1035->1035
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 063D2B0A
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: 98cc4c0847e60837b7ad73a3b18da119f435aea2a1d46c33064607c91ba24766
                                                            • Instruction ID: 6eeeb4f6ae87f92aacdc0f9955c157d05fb878d00f811fd83c07c3994619cb5d
                                                            • Opcode Fuzzy Hash: 98cc4c0847e60837b7ad73a3b18da119f435aea2a1d46c33064607c91ba24766
                                                            • Instruction Fuzzy Hash: CB41CFB1D003499FDB14CF9AD884ADEFBB5FF48310F24852AE818AB250D775A985CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1036 63d71e0-63d78b4 1039 63d78ba-63d78bf 1036->1039 1040 63d7964-63d7984 call 63d0a44 1036->1040 1042 63d78c1-63d78f8 1039->1042 1043 63d7912-63d794a CallWindowProcW 1039->1043 1047 63d7987-63d7994 1040->1047 1050 63d78fa-63d7900 1042->1050 1051 63d7901-63d7910 1042->1051 1044 63d794c-63d7952 1043->1044 1045 63d7953-63d7962 1043->1045 1044->1045 1045->1047 1050->1051 1051->1047
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 063D7939
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            • Opcode ID: 5ae4cb5108ddf6398a4dfede5d1a9faa924e2b6d004870ce09f3c225077a3a33
                                                            • Instruction ID: 3e2d8337262909ef3ebfd75bfb3b44663ddc4e3fc4d624f2491ab63b7a9aee0f
                                                            • Opcode Fuzzy Hash: 5ae4cb5108ddf6398a4dfede5d1a9faa924e2b6d004870ce09f3c225077a3a33
                                                            • Instruction Fuzzy Hash: 09413AB6A00345CFDB54CF99C488AAAFBF5FB88314F24C459D519A7361D335A845CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1066 63d81b5-63d8210 1068 63d821a-63d8258 OleGetClipboard 1066->1068 1069 63d825a-63d8260 1068->1069 1070 63d8261-63d82af 1068->1070 1069->1070 1075 63d82bf 1070->1075 1076 63d82b1-63d82b5 1070->1076 1078 63d82c0 1075->1078 1076->1075 1077 63d82b7 1076->1077 1077->1075 1078->1078
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Clipboard
                                                            • String ID:
                                                            • API String ID: 220874293-0
                                                            • Opcode ID: 8b323a716666a0d77a55f504d32f94472950c2b6ac8eb4ea6ab93a1568829679
                                                            • Instruction ID: 4f69c844219f3086c70eea549e18158458eae8737c8255dd7d10a68e7982e1f0
                                                            • Opcode Fuzzy Hash: 8b323a716666a0d77a55f504d32f94472950c2b6ac8eb4ea6ab93a1568829679
                                                            • Instruction Fuzzy Hash: 123101B1D01648DFEB24CF99D885BCEBBF5AF48708F248019E404AB290D779A845CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1053 63d7580-63d8258 OleGetClipboard 1056 63d825a-63d8260 1053->1056 1057 63d8261-63d82af 1053->1057 1056->1057 1062 63d82bf 1057->1062 1063 63d82b1-63d82b5 1057->1063 1065 63d82c0 1062->1065 1063->1062 1064 63d82b7 1063->1064 1064->1062 1065->1065
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Clipboard
                                                            • String ID:
                                                            • API String ID: 220874293-0
                                                            • Opcode ID: 7d94e56f731ff2a1ab6a9a1c2ffaab04a6172dfe72399f6868940abdbc833c45
                                                            • Instruction ID: 89034aa941f9a4e68ee76aa23156bd6253f318ccd29743c4ed1424b34021ab1f
                                                            • Opcode Fuzzy Hash: 7d94e56f731ff2a1ab6a9a1c2ffaab04a6172dfe72399f6868940abdbc833c45
                                                            • Instruction Fuzzy Hash: 4A3101B1D01608DFEB64CF99D885BDEBBF5EF48308F248059E404AB290D775A849CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1079 63d9f80-63d9f84 1080 63d9f86-63d9fd2 1079->1080 1081 63d9f62-63d9f69 1079->1081 1086 63d9fde-63da010 SetWindowsHookExA 1080->1086 1087 63d9fd4-63d9fdc 1080->1087 1083 63d9f6b 1081->1083 1084 63d9f70-63d9f77 1081->1084 1083->1084 1088 63da019-63da039 1086->1088 1089 63da012-63da018 1086->1089 1087->1086 1089->1088
                                                            APIs
                                                            • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 063DA003
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HookWindows
                                                            • String ID:
                                                            • API String ID: 2559412058-0
                                                            • Opcode ID: d3489ae75ee7addce4a054b697f8cd99e5fc6cf0c73e390c26a6311d83245660
                                                            • Instruction ID: 7e5a538f5617d7163aad2ac49cb555ad55b48359fedb10132feeec384917d1e0
                                                            • Opcode Fuzzy Hash: d3489ae75ee7addce4a054b697f8cd99e5fc6cf0c73e390c26a6311d83245660
                                                            • Instruction Fuzzy Hash: 59212776D002089FCB14CF9AE845BDEFBF8FB88310F10842AE458A3250C775A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1093 63d65e0-63d65e7 1094 63d65e8-63d667c DuplicateHandle 1093->1094 1095 63d667e-63d6684 1094->1095 1096 63d6685-63d66a2 1094->1096 1095->1096
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 063D666F
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: e3de7e1cae1f1b81336ac64c4b7cb6ccb5263be5eaa12865a23f5d8739baf32a
                                                            • Instruction ID: 1a5d8e9e39753c0dd5a88ae203641a9824203b6d80d6a0d91c969ba157240b3b
                                                            • Opcode Fuzzy Hash: e3de7e1cae1f1b81336ac64c4b7cb6ccb5263be5eaa12865a23f5d8739baf32a
                                                            • Instruction Fuzzy Hash: 0E21D4B5900248AFDB10CFAAD885ADEBBF8EB48310F14841AE954A3350D378A955CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1099 63d65e8-63d667c DuplicateHandle 1100 63d667e-63d6684 1099->1100 1101 63d6685-63d66a2 1099->1101 1100->1101
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 063D666F
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 5ca4bf5b66ece2d43c912f03c4a3109fd3079f3dd92a165b85919157188e9473
                                                            • Instruction ID: ce2e161f05e2ceaa4daa142c12661853dbc548c3c5f1829810ee432ec8c51fcf
                                                            • Opcode Fuzzy Hash: 5ca4bf5b66ece2d43c912f03c4a3109fd3079f3dd92a165b85919157188e9473
                                                            • Instruction Fuzzy Hash: 6321E2B5D003489FDB10CFAAD885ADEFBF8EB48310F14841AE918A3350D378A944CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 1104 2978169-29781ba 1107 29781c2-29781ed DeleteFileW 1104->1107 1108 29781bc-29781bf 1104->1108 1109 29781f6-297821e 1107->1109 1110 29781ef-29781f5 1107->1110 1108->1107 1110->1109
                                                            APIs
                                                            • DeleteFileW.KERNELBASE(00000000), ref: 029781E0
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759500541.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_2970000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: a7e26758cd5c6312a893e73541f0351411be1a729756157589be65d97e5eccf2
                                                            • Instruction ID: 9882d92f5ff7b50ddb56419f6c785e47bfcf4da6600d09d3278d32335e23e3c5
                                                            • Opcode Fuzzy Hash: a7e26758cd5c6312a893e73541f0351411be1a729756157589be65d97e5eccf2
                                                            • Instruction Fuzzy Hash: 682136B5C0065A9BCB20CF9AC845BDEFBF4FF48720F10856AD858A7240D738A945CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 063DA003
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HookWindows
                                                            • String ID:
                                                            • API String ID: 2559412058-0
                                                            • Opcode ID: d2e46b75c7d20003357e7fe9306ddd79b2d15f0bb2cf2ab4f70307244bbb4c62
                                                            • Instruction ID: 1f6d0398275359aa9d8c8223363b1e38d480c70583c523437cb7128938282f58
                                                            • Opcode Fuzzy Hash: d2e46b75c7d20003357e7fe9306ddd79b2d15f0bb2cf2ab4f70307244bbb4c62
                                                            • Instruction Fuzzy Hash: A521E375D002499FDB14CF9AD844BEEFBF5FB88310F10842AE459A7250C779A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • DeleteFileW.KERNELBASE(00000000), ref: 029781E0
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759500541.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_2970000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: 03005eece2f9d97d78ddaf7c9f6f87a57a053257f190093a689b2618c9216c5a
                                                            • Instruction ID: f940a79e5a27ea9c9519f4ef95651fc67edae8ea326fa1e92ae70d167d3061e5
                                                            • Opcode Fuzzy Hash: 03005eece2f9d97d78ddaf7c9f6f87a57a053257f190093a689b2618c9216c5a
                                                            • Instruction Fuzzy Hash: A21144B1C0065A9BCB20CF9AC445BEEFBF4FF48720F10856AD818A7240D738A941CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 0297F157
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759500541.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_2970000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: GlobalMemoryStatus
                                                            • String ID:
                                                            • API String ID: 1890195054-0
                                                            • Opcode ID: 6aad8ad84ef8074894a5e22731d7b39622e2879a7440ef7f0987598b0b16fbd0
                                                            • Instruction ID: ebf37a9f3bef920072c4dfc099e747b5730599c487b13094bc8299128ffa977c
                                                            • Opcode Fuzzy Hash: 6aad8ad84ef8074894a5e22731d7b39622e2879a7440ef7f0987598b0b16fbd0
                                                            • Instruction Fuzzy Hash: A91112B1C006599FDB10CF9AD444BDEFBF4AF48310F14866AD818B7240D778A941CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 0297F157
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759500541.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_2970000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: GlobalMemoryStatus
                                                            • String ID:
                                                            • API String ID: 1890195054-0
                                                            • Opcode ID: ad20e3b7bdeec1020a10befeedd01ef6415360211e6311298597fdd6afc7d5c4
                                                            • Instruction ID: 31c84a27d34e9ea321f6b6d74c4f9478255d8baa00a33efd093626f14741125c
                                                            • Opcode Fuzzy Hash: ad20e3b7bdeec1020a10befeedd01ef6415360211e6311298597fdd6afc7d5c4
                                                            • Instruction Fuzzy Hash: 121120B1C006599BCB10CFAAC444BDEFBF4EF48320F10856AE818B7240D778A941CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 063D19B6
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 81d7c24d8dbe11a173f9beea2802ebfb5d393ea81231ab56b733aaf79f15c4dd
                                                            • Instruction ID: a8eee48f68d1d4e0b8aee5313f3d6264d374b7bc0310ef095434b5969d31b0d1
                                                            • Opcode Fuzzy Hash: 81d7c24d8dbe11a173f9beea2802ebfb5d393ea81231ab56b733aaf79f15c4dd
                                                            • Instruction Fuzzy Hash: FF11F0B6D002498FDB20CF9AD444B9EFBF4EB89214F10845AD859B7200D379A546CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 063D19B6
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 5dae4f555adb14be85dd8ee66a178c83c280f6944a4edffb5464e4b8be073e83
                                                            • Instruction ID: af58f011398beb5cc9d16b4ff86aeb4b8b211df7eaf4848cee30d9e833e6bbce
                                                            • Opcode Fuzzy Hash: 5dae4f555adb14be85dd8ee66a178c83c280f6944a4edffb5464e4b8be073e83
                                                            • Instruction Fuzzy Hash: 6A110FB6D003498FDB20DF9AD844BDEFBF5EB89310F10845AD868A7210C379A546CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 063D80CD
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            • Opcode ID: a0dcfa660a970d317e058322ebf79b14ec08c40064ddf7511f02450c2e590120
                                                            • Instruction ID: 1f555d3756aa75cbf71622bde5ba46a507c2d9a4b62c3ac73ca86cb91703364b
                                                            • Opcode Fuzzy Hash: a0dcfa660a970d317e058322ebf79b14ec08c40064ddf7511f02450c2e590120
                                                            • Instruction Fuzzy Hash: C91115B59007489FDB20DF9AD445BDEFBF8EB48310F108459E518A7200D379A945CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,063D7B85), ref: 063D7C0F
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,063D7B85), ref: 063D7C0F
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 063D80CD
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774702183.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63d0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: \Oq
                                                            • API String ID: 0-643489707
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4b2db0939ed98c6010241279f3b83e51be318f8a2ca67c6001ca2ea6acc6a2f3
                                                            • Instruction ID: 89ff148ed6e3632244b0873c3880a8d12f9c48200609642b865c813de18fdb03
                                                            • Opcode Fuzzy Hash: 4b2db0939ed98c6010241279f3b83e51be318f8a2ca67c6001ca2ea6acc6a2f3
                                                            • Instruction Fuzzy Hash: 7C315071D052599FDB10CFA9D9817DEFBB4EB09210F14856AE408E7281D3749945CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9b9afe8299f64877ec9f004991a157cce299a56776fc354395a02a1d05ba51b2
                                                            • Instruction ID: dbf70d485c349d4b169b71bd7918095ccfa2667646e1380e7ce85fd0f3f66668
                                                            • Opcode Fuzzy Hash: 9b9afe8299f64877ec9f004991a157cce299a56776fc354395a02a1d05ba51b2
                                                            • Instruction Fuzzy Hash: 58319C34E102159FDB15DFA4C894A9EB7B6FF89300F108919E806E7790EB31AE46CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b7c04ab1d914a18e4e8c87d53ba8e37c3bd53dd03a7a7bd2125b25968b3c8573
                                                            • Instruction ID: 33b301ef5322838fd85428a659e3e12d200dfa58229e7a97061eda410e565645
                                                            • Opcode Fuzzy Hash: b7c04ab1d914a18e4e8c87d53ba8e37c3bd53dd03a7a7bd2125b25968b3c8573
                                                            • Instruction Fuzzy Hash: D6212671504304DFDB04DF10D5C0B26BBA6FB89314F24C56DD84A4B692C3BAE846CB72
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c92051e93995bc48968454d970f4b5495a5fa61c361461f0fec2e0757fa3a4d9
                                                            • Instruction ID: 51fcefbc72dff9009ae8cdeba21f61291f2646a0aabcfd49a2de0864fa637587
                                                            • Opcode Fuzzy Hash: c92051e93995bc48968454d970f4b5495a5fa61c361461f0fec2e0757fa3a4d9
                                                            • Instruction Fuzzy Hash: 19213872504344DFDB05DF10D4C4F2ABB66FBC5324F24C569D84A0B641C37AD846CA76
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccabff1c632118c1d644b4df97b1263b6bf6d299737a720054b7d69454306601
                                                            • Instruction ID: 0aa5d8fc884f81fb9a098425e7293447df7f43978ceb2345517ea7853afa04b0
                                                            • Opcode Fuzzy Hash: ccabff1c632118c1d644b4df97b1263b6bf6d299737a720054b7d69454306601
                                                            • Instruction Fuzzy Hash: E8213471504304DFDB14DF20C8C0B26BB62FB89314F24C5ADE88A4B682C73AD847CA76
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 824c4a1dab16e20ba6fac61cd2ab7036cb6f85c7275142457fd961c037eaaba7
                                                            • Instruction ID: e31ff6df03829d622c1a474e94443d2f29e70aae49f9bec349947cf24319355e
                                                            • Opcode Fuzzy Hash: 824c4a1dab16e20ba6fac61cd2ab7036cb6f85c7275142457fd961c037eaaba7
                                                            • Instruction Fuzzy Hash: CB21F3B1604340DFDB15DF14D9C0F26BBA6FB99314F24C66DD84A4BA52C33AD846CA72
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 374b37bc5b5d12134bd1810333222440362be20ea7b3159fc79af4244fd950d7
                                                            • Instruction ID: 48b4ca2f4eaa78790b7e981356821b3bcf9d26c5e7bf716d85d315c88be90c41
                                                            • Opcode Fuzzy Hash: 374b37bc5b5d12134bd1810333222440362be20ea7b3159fc79af4244fd950d7
                                                            • Instruction Fuzzy Hash: F1110C70B202301BEF6425798C40B2F22AFC786B90F21042EE40ADB7D1D998CC4947F2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cbd861af1a1e7394611e63e2d5c09195217a393ec887c9bdc4b4bc88ff3caa45
                                                            • Instruction ID: 304536f369112cff93df03d442f7404d2de960d09305801b476446ddfac9e2eb
                                                            • Opcode Fuzzy Hash: cbd861af1a1e7394611e63e2d5c09195217a393ec887c9bdc4b4bc88ff3caa45
                                                            • Instruction Fuzzy Hash: 9631E3B4D01318DFDB24DF9AC988B9EBBF5AB48710F24845AE444AB240C7B5A845CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: df5074c860eadba147f85189385d2f2dc8f48b56ccaa936a22e5e9238aa35777
                                                            • Instruction ID: e8d62a3a1f2e37bce8bb3af1dfb2fe02be396294e21794578750d3413e70a3f1
                                                            • Opcode Fuzzy Hash: df5074c860eadba147f85189385d2f2dc8f48b56ccaa936a22e5e9238aa35777
                                                            • Instruction Fuzzy Hash: 84219031F101289FDFA4EA68E9506AEB7B6EF85310F208529D405EB394DB31DD518BE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fd4298f1c25e8ba62196d2c966d4a46883a98e9b81c76c36f13ef6fe9a5414c9
                                                            • Instruction ID: 1a96e51ee95658fb52b1984fa3b7e79066bf146ff93ae9a8650460375b56e7e3
                                                            • Opcode Fuzzy Hash: fd4298f1c25e8ba62196d2c966d4a46883a98e9b81c76c36f13ef6fe9a5414c9
                                                            • Instruction Fuzzy Hash: 2E017170B202241BFF64656A885072F119FC7C5B90F20443EE40ADB7D1D8D8CC8607F6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e7f6d143d56d66b1dd8766e0d5204f27eeafc5811a085bb8702315b7f0934f4d
                                                            • Instruction ID: 3e0c928bedc97cbce4e02fef42f73980820f076087d5a60fe751a0d37c4bfd1e
                                                            • Opcode Fuzzy Hash: e7f6d143d56d66b1dd8766e0d5204f27eeafc5811a085bb8702315b7f0934f4d
                                                            • Instruction Fuzzy Hash: D001DD35B102201FDB6599BD985075BB7DADFDD320F108839F109C7391DA26DC4543E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 75564a294ea5da732d198760b756de4986e33ae3d34b0f0575e3bc4e7548d6a8
                                                            • Instruction ID: 398341413fc3782971c2be0da0132aa5ff360e4674a6ab60d76a248046f5de5d
                                                            • Opcode Fuzzy Hash: 75564a294ea5da732d198760b756de4986e33ae3d34b0f0575e3bc4e7548d6a8
                                                            • Instruction Fuzzy Hash: CF11A132B102289FCB689A78C8246AEB7EBEBCC310F014539C506E7384DE76DC0587E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757830525.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_dad000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757756912.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_d9d000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3757756912.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_d9d000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d72bd286983ec4db6ffab750ae7133d4f50a0a788ff8381725719fd716cbcf43
                                                            • Instruction ID: 95323a132ce4b881766e1a98a59ff609e869e8af21d0dc17a1c0d26718e58718
                                                            • Opcode Fuzzy Hash: d72bd286983ec4db6ffab750ae7133d4f50a0a788ff8381725719fd716cbcf43
                                                            • Instruction Fuzzy Hash: 95F0A732F202389BDB24A565DC00A9FB73AF784354F004529E911E7684D6316C0587D0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3774808384.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_63e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b6031e8bba31c900712c5a1725d1223ad487efc3aaf7d35f213e773dccb71be4
                                                            • Instruction ID: 4d08dbbdebce8c77da8d270c61725d3473252da411afbb02e8fac7435d8985d0
                                                            • Opcode Fuzzy Hash: b6031e8bba31c900712c5a1725d1223ad487efc3aaf7d35f213e773dccb71be4
                                                            • Instruction Fuzzy Hash: ABF05E39E40124CFDF649A44EE402AC7774FB00355F194462C415979D5C335AA86CBE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a813bd788aee2dedc0190e99844e6bee09d7b8e8c63bd93baa102047c92a6d61
                                                            • Instruction ID: bf09ffdc46512d7c5d0255837db96ebefee2df1bfefff3aeee05fa76184b1537
                                                            • Opcode Fuzzy Hash: a813bd788aee2dedc0190e99844e6bee09d7b8e8c63bd93baa102047c92a6d61
                                                            • Instruction Fuzzy Hash: 41E092317002186FD3049A5EDC40E6BFBEDFFC9620B21807AF504D7361CAB0AC0186B4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5c7df5d476dfb9f0745937e2c708849a8fac3be3eac79feeba0fc814f65d7dfd
                                                            • Instruction ID: 30706435f25ab5e38c38766305faec8d2b41e3598d5d084f2805805ff69bce6a
                                                            • Opcode Fuzzy Hash: 5c7df5d476dfb9f0745937e2c708849a8fac3be3eac79feeba0fc814f65d7dfd
                                                            • Instruction Fuzzy Hash: 34F0E5323083805FC3118B6EDC84D06BFB8EF8A33071544EAF549CB362C521AC01CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bc7def4e58c78899fffd8bf5113a11308e92487620ff7eb603f4bbf2eef789ba
                                                            • Instruction ID: eb982a3be4227d518401e15a47f089516337dcf322db38a165bb7dd212cf0b51
                                                            • Opcode Fuzzy Hash: bc7def4e58c78899fffd8bf5113a11308e92487620ff7eb603f4bbf2eef789ba
                                                            • Instruction Fuzzy Hash: E6F0DAB0E0420ADFDB54DFAAD845AAEBBF4FB48200F1045A9D558E7301EB7596418B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 118ad602adb8e12a8e71e78f5d0bdf3564ecccf118cfe515cbac1a5955c93013
                                                            • Instruction ID: eade568f592b7c971b2563452f6450c962acd794e2c19dac97733f662c2f668a
                                                            • Opcode Fuzzy Hash: 118ad602adb8e12a8e71e78f5d0bdf3564ecccf118cfe515cbac1a5955c93013
                                                            • Instruction Fuzzy Hash: 1AF0F8B1800205AFCB50DF7AC849A9ABBF0EB09300F1285AAD444EB261E77456058B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 400aa77e20c4168f819f4652c38b5aab61c6a7b792e270d92535a6e8976e409a
                                                            • Instruction ID: 4f17ff32f6e4a38fc74aa8b57eff50bcb57a40d29770afda4d5dee45e0698181
                                                            • Opcode Fuzzy Hash: 400aa77e20c4168f819f4652c38b5aab61c6a7b792e270d92535a6e8976e409a
                                                            • Instruction Fuzzy Hash: 4CE0EC36304614AFC3149A4EEC88D4AFBADFFC9775B55806AFA49C7361CA71AC01C6A4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9e4a2a3a0a589d2e4de6ae2cc3dd1dc6dfd570d380780720977771e0fb62c68b
                                                            • Instruction ID: fd899f8ddf9a86213e29ee72cf224dc302eaa2ae93018855ad5cdd42d801a85e
                                                            • Opcode Fuzzy Hash: 9e4a2a3a0a589d2e4de6ae2cc3dd1dc6dfd570d380780720977771e0fb62c68b
                                                            • Instruction Fuzzy Hash: D9E0C2731143085FCB42DAB4D844D423BDDAB25300B0180A3E4C4CB121E221E0549B42
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 0000000E.00000002.3759408276.00000000010E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_14_2_10e0000_RegSvcs.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 344e4b79ceb90c5d43e1f3db5da77ae9590b56db0f7ba411fd68898b61e7fa66
                                                            • Instruction ID: d9818e2b9e998a2bf45694062984882aed970b46be54e8ff0a83b48838389301
                                                            • Opcode Fuzzy Hash: 344e4b79ceb90c5d43e1f3db5da77ae9590b56db0f7ba411fd68898b61e7fa66
                                                            • Instruction Fuzzy Hash: 8AE0B6B0D44209DFD740EFBAC909A5EBBF0BF08700F11C5AAD019E7261E77496058F91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            • Opcode Fuzzy Hash: 6a11b90406b7d6ceb1d02a9c0c9d5a8c48d3f82d03c0e678b1bb3d8a6e366dd3
                                                            • Instruction Fuzzy Hash: 7121D4757403108FC759AB39C458A2D77B2AF89B1536149B8E50ACF371EA76EC42CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000012.00000002.1521484692.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_18_2_d70000_BjTxJte.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8350988bcb009a1d24dbf3d967c75a47586e8e4121118c57c1b6c271ef61cf31
                                                            • Instruction ID: e33afb0ab70c9eced38a0674a64bd9c420ab8f3c62cf0229394dc81deb8bd262
                                                            • Opcode Fuzzy Hash: 8350988bcb009a1d24dbf3d967c75a47586e8e4121118c57c1b6c271ef61cf31
                                                            • Instruction Fuzzy Hash: B0118276E042458FCB41DFB8D8448AEFFB1FF9930071186AAE515DB221E7309905CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000012.00000002.1521484692.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_18_2_d70000_BjTxJte.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 06158bdf7e3c8544b15376df21dae7badcab22bc0d4fb7c9b9eef5ba6c291445
                                                            • Instruction ID: 56a9237035d710258a47966bf05b4a0eded15b0d4770d12cb9d02ae5898dab97
                                                            • Opcode Fuzzy Hash: 06158bdf7e3c8544b15376df21dae7badcab22bc0d4fb7c9b9eef5ba6c291445
                                                            • Instruction Fuzzy Hash: EC017576E00205DFCB44EFB9D84489FFBF5FF89310710866AE51997225EB30A915CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000012.00000002.1521484692.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_18_2_d70000_BjTxJte.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dade9905bdc9155823c35def8e2250949172c150a402f9c173fb5f3f44ddb46f
                                                            • Instruction ID: a2990e5f8ad13ae2603b277711ef7de593dd89e4376281480c8a696370576129
                                                            • Opcode Fuzzy Hash: dade9905bdc9155823c35def8e2250949172c150a402f9c173fb5f3f44ddb46f
                                                            • Instruction Fuzzy Hash: F5F06261E0E3E49FCB13A77498520AA7FB05D17710B1491FBC4C9D7593E225491E87E3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000012.00000002.1521484692.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_18_2_d70000_BjTxJte.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 422b65d9bbd1ea4f0fb9b0b68268e2c981b70dad72d3e511813e51d448b59d37
                                                            • Instruction ID: 204ea2da8028ff03c17d9609a275952aaff3e30fa893a52c28eacd3c72fdaf3f
                                                            • Opcode Fuzzy Hash: 422b65d9bbd1ea4f0fb9b0b68268e2c981b70dad72d3e511813e51d448b59d37
                                                            • Instruction Fuzzy Hash: 93F01C74A00345CFDB24DF68C4587ADBBB0BB48704F244999D406AB2A0EBB48C84CB60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000012.00000002.1521484692.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_18_2_d70000_BjTxJte.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca8c2c23298b96099a92c3199847a2a9e04f8669db4b4ab980f3a17c97d4cebc
                                                            • Instruction ID: 2920f843a338c13839bead8a8ae0ca161ffca3e4cf36a1f3ce68cad86f260d70
                                                            • Opcode Fuzzy Hash: ca8c2c23298b96099a92c3199847a2a9e04f8669db4b4ab980f3a17c97d4cebc
                                                            • Instruction Fuzzy Hash: 44D012357102149FC710EB69E949B493778AB09651F504195E508DB2A0EB61DD14C7D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000012.00000002.1521484692.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_18_2_d70000_BjTxJte.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f5eeac388deb1bc25ca954a424d31404d2aa5a66ff6c2ca9d14d1b3a0b90f2d4
                                                            • Instruction ID: 4c290f196bad57d9151d202a3e82d181e03f507b0052ebb57a9ff459e624525c
                                                            • Opcode Fuzzy Hash: f5eeac388deb1bc25ca954a424d31404d2aa5a66ff6c2ca9d14d1b3a0b90f2d4
                                                            • Instruction Fuzzy Hash: ABD067B1D01219EF8B40EFB999052DEBBF8FE09250B104566D959E7300F6709A108BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%