Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ExAXLXWP9K.exe

Overview

General Information

Sample name:ExAXLXWP9K.exe
renamed because original name is a hash value
Original sample name:ca28053841e7d7e6b42f7b7dd38b0f50.exe
Analysis ID:1431008
MD5:ca28053841e7d7e6b42f7b7dd38b0f50
SHA1:c9569814c98db8abb4aab100ab2eea649eeb9af8
SHA256:4ae2e13993a8ef1fbaf538b4da18eca6e0b5ada918cbeb256c8490f6fc3b34fc
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
C2 URLs / IPs found in malware configuration
Installs new ROOT certificates
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • ExAXLXWP9K.exe (PID: 616 cmdline: "C:\Users\user\Desktop\ExAXLXWP9K.exe" MD5: CA28053841E7D7E6B42F7B7DD38B0F50)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["103.113.70.99:2630"], "Bot Id": "spoo", "Authorization Header": "a442868c38da8722ebccd4819def00b2"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
ExAXLXWP9K.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

    PCAP (Network Traffic)

    SourceRuleDescriptionAuthorStrings
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
      dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000000.00000000.2024404772.00000000006B2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Process Memory Space: ExAXLXWP9K.exe PID: 616JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Process Memory Space: ExAXLXWP9K.exe PID: 616JoeSecurity_RedLineYara detected RedLine StealerJoe Security

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.0.ExAXLXWP9K.exe.6b0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                  Sigma Signatures

                  No Sigma rule has matched

                  Snort Signatures

                  Timestamp:04/24/24-13:07:10.061010
                  SID:2043234
                  Source Port:2630
                  Destination Port:49704
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:04/24/24-13:07:28.632979
                  SID:2043231
                  Source Port:49704
                  Destination Port:2630
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:04/24/24-13:07:20.396167
                  SID:2046056
                  Source Port:2630
                  Destination Port:49704
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:04/24/24-13:07:06.715468
                  SID:2046045
                  Source Port:49704
                  Destination Port:2630
                  Protocol:TCP
                  Classtype:A Network Trojan was detected

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Found malware configuration
                  Source: ExAXLXWP9K.exeMalware Configuration Extractor: RedLine {"C2 url": ["103.113.70.99:2630"], "Bot Id": "spoo", "Authorization Header": "a442868c38da8722ebccd4819def00b2"}
                  Multi AV Scanner detection for submitted file
                  Source: ExAXLXWP9K.exeVirustotal: Detection: 62%Perma Link
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F0104 CryptUnprotectData,0_2_079F0104
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F0680 CryptUnprotectData,0_2_079F0680
                  Source: ExAXLXWP9K.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ExAXLXWP9K.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 4x nop then jmp 079F97A5h0_2_079F93D8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 4x nop then jmp 079F97A5h0_2_079F93C8

                  Networking

                  barindex
                  Snort IDS alert for network traffic
                  Source: TrafficSnort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.5:49704 -> 103.113.70.99:2630
                  Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49704 -> 103.113.70.99:2630
                  Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 103.113.70.99:2630 -> 192.168.2.5:49704
                  Source: TrafficSnort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 103.113.70.99:2630 -> 192.168.2.5:49704
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: 103.113.70.99:2630
                  Source: global trafficTCP traffic: 192.168.2.5:49704 -> 103.113.70.99:2630
                  Source: Joe Sandbox ViewIP Address: 103.113.70.99 103.113.70.99
                  Source: Joe Sandbox ViewASN Name: NETCONNECTWIFI-ASNetConnectWifiPvtLtdIN NETCONNECTWIFI-ASNetConnectWifiPvtLtdIN
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.113.70.99
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350066133.000000000116E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15V
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                  Source: ExAXLXWP9K.exeString found in binary or memory: https://api.ip.sb/ip
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp9FF3.tmpJump to dropped file
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile created: C:\Users\user\AppData\Local\Temp\TmpA004.tmpJump to dropped file
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_028925D80_2_028925D8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_0289DC740_2_0289DC74
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_04FA69480_2_04FA6948
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_04FA7C200_2_04FA7C20
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_04FA00400_2_04FA0040
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_04FA001C0_2_04FA001C
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_04FA7C120_2_04FA7C12
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_04FA5A430_2_04FA5A43
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062E38380_2_062E3838
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062F67D80_2_062F67D8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062FA3E80_2_062FA3E8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062F3F500_2_062F3F50
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062FA3D80_2_062FA3D8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062F6FE80_2_062F6FE8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062F6FF80_2_062F6FF8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F87C80_2_079F87C8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F66B80_2_079F66B8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079FB4600_2_079FB460
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F6B380_2_079F6B38
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F72300_2_079F7230
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F39980_2_079F3998
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F49600_2_079F4960
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F58880_2_079F5888
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F80700_2_079F8070
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F60600_2_079F6060
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F4FB80_2_079F4FB8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F93D80_2_079F93D8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F93C80_2_079F93C8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F6B280_2_079F6B28
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F2AF00_2_079F2AF0
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F2AE00_2_079F2AE0
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F39890_2_079F3989
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F21D80_2_079F21D8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F21C80_2_079F21C8
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F494F0_2_079F494F
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F60500_2_079F6050
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F58780_2_079F5878
                  Source: ExAXLXWP9K.exe, 00000000.00000000.2024430330.00000000006F6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUpspearing.exe8 vs ExAXLXWP9K.exe
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2349530812.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ExAXLXWP9K.exe
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs ExAXLXWP9K.exe
                  Source: ExAXLXWP9K.exeBinary or memory string: OriginalFilenameUpspearing.exe8 vs ExAXLXWP9K.exe
                  Source: ExAXLXWP9K.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/5@0/1
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeMutant created: NULL
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp9FF3.tmpJump to behavior
                  Source: ExAXLXWP9K.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: ExAXLXWP9K.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002C88000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002C0B000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002BF5000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002C9E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: ExAXLXWP9K.exeVirustotal: Detection: 62%
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: esdsip.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32Jump to behavior
                  Source: Google Chrome.lnk.0.drLNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome.exe
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: ExAXLXWP9K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: ExAXLXWP9K.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: ExAXLXWP9K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: ExAXLXWP9K.exeStatic PE information: 0xF0DBE6BE [Sun Jan 19 04:14:54 2098 UTC]
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062E1DAF push FFFFFF8Bh; retf 0_2_062E1DB1
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062FE060 push es; ret 0_2_062FE070
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_062FECF2 push eax; ret 0_2_062FED01
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeCode function: 0_2_079F8D18 push eax; retf 0_2_079F8D41

                  Persistence and Installation Behavior

                  barindex
                  Installs new ROOT certificates
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 BlobJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeMemory allocated: 2820000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeMemory allocated: 29F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeMemory allocated: 49F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWindow / User API: threadDelayed 2508Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exe TID: 4372Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exe TID: 4144Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2372865317.00000000066AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2367817241.0000000003EA5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Users\user\Desktop\ExAXLXWP9K.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: ExAXLXWP9K.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.ExAXLXWP9K.exe.6b0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000000.2024404772.00000000006B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: ExAXLXWP9K.exe PID: 616, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                  Source: C:\Users\user\Desktop\ExAXLXWP9K.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                  Source: Yara matchFile source: 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: ExAXLXWP9K.exe PID: 616, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: ExAXLXWP9K.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.ExAXLXWP9K.exe.6b0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000000.2024404772.00000000006B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: ExAXLXWP9K.exe PID: 616, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Masquerading                  		1
                  OS Credential Dumping                  		1
                  Query Registry                  		Remote Services1
                  Archive Collected Data                  		2
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                  Disable or Modify Tools                  		LSASS Memory221
                  Security Software Discovery                  		Remote Desktop Protocol2
                  Data from Local System                  		1
                  Non-Standard Port                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                  Virtualization/Sandbox Evasion                  		Security Account Manager1
                  Process Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                  Obfuscated Files or Information                  		NTDS241
                  Virtualization/Sandbox Evasion                  		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Install Root Certificate                  		LSA Secrets1
                  Application Window Discovery                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Timestomp                  		Cached Domain Credentials1
                  File and Directory Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  DLL Side-Loading                  		DCSync113
                  System Information Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  ExAXLXWP9K.exe63%VirustotalBrowse

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://purl.oen0%URL Reputationsafe
                  https://api.ip.sb/ip0%URL Reputationsafe
                  http://tempuri.org/Entity/Id2Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id12Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id14ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id23ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id23ResponseD1%VirustotalBrowse
                  http://tempuri.org/Entity/Id15V0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id12Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id21Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id91%VirustotalBrowse
                  http://tempuri.org/Entity/Id90%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id15V1%VirustotalBrowse
                  http://tempuri.org/Entity/Id80%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id14ResponseD2%VirustotalBrowse
                  http://tempuri.org/Entity/Id2Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id21Response4%VirustotalBrowse
                  http://tempuri.org/Entity/Id6ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id50%Avira URL Cloudsafe
                  http://tempuri.org/2%VirustotalBrowse
                  http://tempuri.org/Entity/Id70%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id40%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id60%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id81%VirustotalBrowse
                  http://tempuri.org/Entity/Id6ResponseD1%VirustotalBrowse
                  http://tempuri.org/Entity/Id13ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id19Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id51%VirustotalBrowse
                  http://tempuri.org/Entity/Id41%VirustotalBrowse
                  http://tempuri.org/Entity/Id15Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id5ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id71%VirustotalBrowse
                  http://tempuri.org/Entity/Id6Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id1ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id9Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id5ResponseD2%VirustotalBrowse
                  http://tempuri.org/Entity/Id13ResponseD1%VirustotalBrowse
                  http://tempuri.org/Entity/Id200%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id9Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id19Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id210%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id15Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id220%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id230%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id1ResponseD1%VirustotalBrowse
                  http://tempuri.org/Entity/Id201%VirustotalBrowse
                  http://tempuri.org/Entity/Id61%VirustotalBrowse
                  http://tempuri.org/Entity/Id240%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id24Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id1Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id211%VirustotalBrowse
                  http://tempuri.org/Entity/Id21ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id100%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id231%VirustotalBrowse
                  http://tempuri.org/Entity/Id6Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id110%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id1Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id24Response1%VirustotalBrowse
                  http://tempuri.org/Entity/Id10ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id21ResponseD1%VirustotalBrowse
                  http://tempuri.org/Entity/Id120%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id16Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id241%VirustotalBrowse
                  http://tempuri.org/Entity/Id130%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id10ResponseD1%VirustotalBrowse
                  http://tempuri.org/Entity/Id101%VirustotalBrowse
                  http://tempuri.org/Entity/Id140%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id16Response2%VirustotalBrowse
                  http://tempuri.org/Entity/Id150%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id131%VirustotalBrowse
                  http://tempuri.org/Entity/Id160%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id170%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id141%VirustotalBrowse
                  http://tempuri.org/Entity/Id111%VirustotalBrowse
                  http://tempuri.org/Entity/Id121%VirustotalBrowse
                  http://tempuri.org/Entity/Id180%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id5Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id161%VirustotalBrowse
                  http://tempuri.org/Entity/Id190%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id15ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id10Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id171%VirustotalBrowse
                  http://tempuri.org/Entity/Id11ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id221%VirustotalBrowse
                  http://tempuri.org/Entity/Id8Response0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id17ResponseD0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id8ResponseD0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sctExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://tempuri.org/Entity/Id14ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                        • 2%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://tempuri.org/Entity/Id23ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpfalse
                        • 1%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://tempuri.org/Entity/Id12ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 2%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://tempuri.org/ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 2%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://tempuri.org/Entity/Id2ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 2%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://tempuri.org/Entity/Id15VExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AE7000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 1%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://tempuri.org/Entity/Id21ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • 4%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://tempuri.org/Entity/Id9ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                              • 1%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown
                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id8ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                • 1%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                http://tempuri.org/Entity/Id6ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                • 1%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                http://tempuri.org/Entity/Id5ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                • 1%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id4ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • 1%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://tempuri.org/Entity/Id7ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • 1%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://purl.oenExAXLXWP9K.exe, 00000000.00000002.2350066133.000000000116E000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/Entity/Id6ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • 1%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id19ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • 2%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id13ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • 1%, Virustotal, Browse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/faultExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2004/10/wsatExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://tempuri.org/Entity/Id15ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • 2%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://tempuri.org/Entity/Id5ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • 2%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id6ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • 2%, Virustotal, Browse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://api.ip.sb/ipExAXLXWP9K.exefalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2004/04/scExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://tempuri.org/Entity/Id1ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • 1%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id9ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • 2%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://tempuri.org/Entity/Id20ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • 1%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://tempuri.org/Entity/Id21ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • 1%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://tempuri.org/Entity/Id22ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • 1%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://tempuri.org/Entity/Id23ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • 1%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://tempuri.org/Entity/Id24ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • 1%, Virustotal, Browse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://tempuri.org/Entity/Id24ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • 1%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://tempuri.org/Entity/Id1ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • 2%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id21ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • 1%, Virustotal, Browse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressingExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/trustExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://tempuri.org/Entity/Id10ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • 1%, Virustotal, Browse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id11ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • 1%, Virustotal, Browse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id10ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • 1%, Virustotal, Browse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id12ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • 1%, Virustotal, Browse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id16ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • 2%, Virustotal, Browse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://tempuri.org/Entity/Id13ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • 1%, Virustotal, Browse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://tempuri.org/Entity/Id14ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • 1%, Virustotal, Browse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://tempuri.org/Entity/Id15ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://tempuri.org/Entity/Id16ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • 1%, Virustotal, Browse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/NonceExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://tempuri.org/Entity/Id17ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • 1%, Virustotal, Browse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id18ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id5ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id19ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/Entity/Id15ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://tempuri.org/Entity/Id10ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RenewExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id11ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000033B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id8ResponseExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0ExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentityExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Entity/Id17ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002AEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/soap/envelope/ExAXLXWP9K.exe, 00000000.00000002.2350762263.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id8ResponseDExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyExAXLXWP9K.exe, 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high

                                                                                                                      World Map of Contacted IPs

                                                                                                                      • No. of IPs < 25%
                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                      • 75% < No. of IPs

                                                                                                                      Public IPs

                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                      103.113.70.99
                                                                                                                      		unknownIndia
                                                                                                                      		133973NETCONNECTWIFI-ASNetConnectWifiPvtLtdINtrue

                                                                                                                      General Information

                                                                                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                      Analysis ID:1431008
                                                                                                                      Start date and time:2024-04-24 13:06:07 +02:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 5m 13s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                      Number of analysed new started processes analysed:4
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:ExAXLXWP9K.exe
                                                                                                                      renamed because original name is a hash value
                                                                                                                      Original Sample Name:ca28053841e7d7e6b42f7b7dd38b0f50.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@1/5@0/1
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 100%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 100%
                                                                                                                      • Number of executed functions: 105
                                                                                                                      • Number of non-executed functions: 27
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                      Warnings

                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                                                      Simulations

                                                                                                                      Behavior and APIs

                                                                                                                      TimeTypeDescription
                                                                                                                      13:07:26API Interceptor15x Sleep call for process: ExAXLXWP9K.exe modified

                                                                                                                      Joe Sandbox View / Context

                                                                                                                      IPs

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      103.113.70.9944QHzbqD3m.exeGet hashmaliciousRedLineBrowse
                                                                                                                        3q1lESMAMh.exeGet hashmaliciousRedLineBrowse
                                                                                                                          fkmfYBX2c6.exeGet hashmaliciousRedLineBrowse
                                                                                                                            IcDaW5Yzvb.exeGet hashmaliciousRedLineBrowse
                                                                                                                              W8Q1QyZc1j.exeGet hashmaliciousRedLineBrowse
                                                                                                                                W8Q1QyZc1j.exeGet hashmaliciousRedLineBrowse

                                                                                                                                  Domains

                                                                                                                                  No context

                                                                                                                                  ASNs

                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                  NETCONNECTWIFI-ASNetConnectWifiPvtLtdIN44QHzbqD3m.exeGet hashmaliciousRedLineBrowse
                                                                                                                                  • 103.113.70.99
                                                                                                                                  3q1lESMAMh.exeGet hashmaliciousRedLineBrowse
                                                                                                                                  • 103.113.70.99
                                                                                                                                  fkmfYBX2c6.exeGet hashmaliciousRedLineBrowse
                                                                                                                                  • 103.113.70.99
                                                                                                                                  IcDaW5Yzvb.exeGet hashmaliciousRedLineBrowse
                                                                                                                                  • 103.113.70.99
                                                                                                                                  W8Q1QyZc1j.exeGet hashmaliciousRedLineBrowse
                                                                                                                                  • 103.113.70.99
                                                                                                                                  W8Q1QyZc1j.exeGet hashmaliciousRedLineBrowse
                                                                                                                                  • 103.113.70.99
                                                                                                                                  https://www.wsj.pm/download.phpGet hashmaliciousNetSupport RATBrowse
                                                                                                                                  • 103.113.70.37
                                                                                                                                  3A8YbQ0RZ7.dllGet hashmaliciousQbotBrowse
                                                                                                                                  • 103.113.68.33
                                                                                                                                  onuxDag8Co.exeGet hashmaliciousLummaC Stealer, RedLine, SectopRATBrowse
                                                                                                                                  • 103.113.68.183
                                                                                                                                  wssays.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 103.113.70.18

                                                                                                                                  JA3 Fingerprints

                                                                                                                                  No context

                                                                                                                                  Dropped Files

                                                                                                                                  No context

                                                                                                                                  Created / dropped Files

                                                                                                                                  C:\Users\Public\Desktop\Google Chrome.lnk

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\ExAXLXWP9K.exe
                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:16:56 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2104
                                                                                                                                  Entropy (8bit):3.4510367916039364
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:8SOl2dfTXddRYrnvPdAKRkdAGdAKRFdAKRE:8SOlOG
                                                                                                                                  MD5:14D091663C73CCE23EADFBEAF860A986
                                                                                                                                  SHA1:2C1E133DA317B23A955C1074822C447434AF819B
                                                                                                                                  SHA-256:8264443A11D312AABF8D6A571C49B0FC6385030EC013C4EB68F41527CA8CE2C8
                                                                                                                                  SHA-512:1891BA89B1FD1203832FE7A8E54026D1FC9D9D741F305796710FB3D709822591DFBF39DC5D16C2D33478F8E27D7B9B1D8882EFEF454E6B924CFA8A9E3534FEF9
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:low
                                                                                                                                  Preview:L..................F.@.. ......,.......n.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDW.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWUl....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWUl....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWUl..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDW.r..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ExAXLXWP9K.exe.log

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\ExAXLXWP9K.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3274
                                                                                                                                  Entropy (8bit):5.3318368586986695
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
                                                                                                                                  MD5:0B2E58EF6402AD69025B36C36D16B67F
                                                                                                                                  SHA1:5ECC642327EF5E6A54B7918A4BD7B46A512BF926
                                                                                                                                  SHA-256:4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
                                                                                                                                  SHA-512:1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Tmp9FF3.tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\ExAXLXWP9K.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2662
                                                                                                                                  Entropy (8bit):7.8230547059446645
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                                  MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                                  SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                                  SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                                  SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Preview:0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\TmpA004.tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\ExAXLXWP9K.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2662
                                                                                                                                  Entropy (8bit):7.8230547059446645
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                                  MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                                  SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                                  SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                                  SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Preview:0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\ExAXLXWP9K.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2251
                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3::
                                                                                                                                  MD5:0158FE9CEAD91D1B027B795984737614
                                                                                                                                  SHA1:B41A11F909A7BDF1115088790A5680AC4E23031B
                                                                                                                                  SHA-256:513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
                                                                                                                                  SHA-512:C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  Static File Info

                                                                                                                                  General

                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Entropy (8bit):5.069507606347515
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                  File name:ExAXLXWP9K.exe
                                                                                                                                  File size:312'332 bytes
                                                                                                                                  MD5:ca28053841e7d7e6b42f7b7dd38b0f50
                                                                                                                                  SHA1:c9569814c98db8abb4aab100ab2eea649eeb9af8
                                                                                                                                  SHA256:4ae2e13993a8ef1fbaf538b4da18eca6e0b5ada918cbeb256c8490f6fc3b34fc
                                                                                                                                  SHA512:c86f17323b43391c7a9b746787a7de607f4bf470be6c34827787c227301594a48a8fa3c49d4ac310d3fee7e6ba62754a151ee1ead15c87890637cd335802e301
                                                                                                                                  SSDEEP:6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
                                                                                                                                  TLSH:25645C1823EC8911E27F4B7994A1E274D375ED56A452E30F4ED06CAB3E32741FA11AB2
                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ... ....@.. ....................... ............@................................

                                                                                                                                  File Icon

                                                                                                                                  Icon Hash:4d8ea38d85a38e6d

                                                                                                                                  Static PE Info

                                                                                                                                  General

                                                                                                                                  Entrypoint:0x42b9ae
                                                                                                                                  Entrypoint Section:.text
                                                                                                                                  Digitally signed:false
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  Subsystem:windows gui
                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                  Time Stamp:0xF0DBE6BE [Sun Jan 19 04:14:54 2098 UTC]
                                                                                                                                  TLS Callbacks:
                                                                                                                                  CLR (.Net) Version:
                                                                                                                                  OS Version Major:4
                                                                                                                                  OS Version Minor:0
                                                                                                                                  File Version Major:4
                                                                                                                                  File Version Minor:0
                                                                                                                                  Subsystem Version Major:4
                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                  Entrypoint Preview

                                                                                                                                  Instruction
                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                  popad
                                                                                                                                  add byte ptr [ebp+00h], dh
                                                                                                                                  je 00007F72A87DD742h
                                                                                                                                  outsd
                                                                                                                                  add byte ptr [esi+00h], ah
                                                                                                                                  imul eax, dword ptr [eax], 006C006Ch
                                                                                                                                  xor eax, 59007400h
                                                                                                                                  add byte ptr [edi+00h], dl
                                                                                                                                  push edx
                                                                                                                                  add byte ptr [ecx+00h], dh
                                                                                                                                  popad
                                                                                                                                  add byte ptr [edi+00h], dl
                                                                                                                                  push esi
                                                                                                                                  add byte ptr [edi+00h], ch
                                                                                                                                  popad
                                                                                                                                  add byte ptr [ebp+00h], ch
                                                                                                                                  push 61006800h
                                                                                                                                  add byte ptr [ebp+00h], ch
                                                                                                                                  dec edx
                                                                                                                                  add byte ptr [eax], bh
                                                                                                                                  add byte ptr [edi+00h], dl
                                                                                                                                  push edi
                                                                                                                                  add byte ptr [ecx], bh
                                                                                                                                  add byte ptr [ecx+00h], bh
                                                                                                                                  bound eax, dword ptr [eax]
                                                                                                                                  xor al, byte ptr [eax]
                                                                                                                                  insb
                                                                                                                                  add byte ptr [eax+00h], bl
                                                                                                                                  pop ecx
                                                                                                                                  add byte ptr [edi+00h], dl
                                                                                                                                  js 00007F72A87DD742h
                                                                                                                                  jnc 00007F72A87DD742h
                                                                                                                                  pop edx
                                                                                                                                  add byte ptr [eax+00h], bl
                                                                                                                                  push ecx
                                                                                                                                  add byte ptr [ebx+00h], cl
                                                                                                                                  popad
                                                                                                                                  add byte ptr [edi+00h], dl
                                                                                                                                  dec edx
                                                                                                                                  add byte ptr [ebp+00h], dh
                                                                                                                                  pop edx
                                                                                                                                  add byte ptr [edi+00h], dl
                                                                                                                                  jo 00007F72A87DD742h
                                                                                                                                  imul eax, dword ptr [eax], 5Ah
                                                                                                                                  add byte ptr [ebp+00h], ch
                                                                                                                                  jo 00007F72A87DD742h
                                                                                                                                  je 00007F72A87DD742h
                                                                                                                                  bound eax, dword ptr [eax]
                                                                                                                                  push edi
                                                                                                                                  add byte ptr [eax+eax+77h], dh
                                                                                                                                  add byte ptr [ecx+00h], bl
                                                                                                                                  xor al, byte ptr [eax]
                                                                                                                                  xor eax, 63007300h
                                                                                                                                  add byte ptr [edi+00h], al
                                                                                                                                  push esi
                                                                                                                                  add byte ptr [ecx+00h], ch
                                                                                                                                  popad
                                                                                                                                  add byte ptr [edx], dh
                                                                                                                                  add byte ptr [eax+00h], bh
                                                                                                                                  je 00007F72A87DD742h
                                                                                                                                  bound eax, dword ptr [eax]
                                                                                                                                  insd
                                                                                                                                  add byte ptr [eax+eax+76h], dh
                                                                                                                                  add byte ptr [edx+00h], bl
                                                                                                                                  push edi
                                                                                                                                  add byte ptr [ecx], bh
                                                                                                                                  add byte ptr [eax+00h], dh
                                                                                                                                  popad
                                                                                                                                  add byte ptr [edi+00h], al
                                                                                                                                  cmp dword ptr [eax], eax
                                                                                                                                  insd
                                                                                                                                  add byte ptr [edx+00h], bl
                                                                                                                                  push edi
                                                                                                                                  add byte ptr [esi+00h], cl
                                                                                                                                  cmp byte ptr [eax], al
                                                                                                                                  push esi
                                                                                                                                  add byte ptr [eax+00h], cl
                                                                                                                                  dec edx
                                                                                                                                  add byte ptr [esi+00h], dh
                                                                                                                                  bound eax, dword ptr [eax]
                                                                                                                                  insd
                                                                                                                                  add byte ptr [eax+00h], bh
                                                                                                                                  jo 00007F72A87DD742h
                                                                                                                                  bound eax, dword ptr [eax]
                                                                                                                                  insd
                                                                                                                                  add byte ptr [ebx+00h], dh

                                                                                                                                  Data Directories

                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x2b95c0x4f.text
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x320000x1c9d4.rsrc
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x500000xc.reloc
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x2b9400x1c.text
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                  Sections

                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                  .text0x20000x2e9940x2ec0064c48738b5efa1379746874c338807d5False0.4696168950534759data6.205450376900145IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                  .rsrc0x320000x1c9d40x1cc005b3e8f48de8a05507379330b3cf331a7False0.23725373641304348data2.6063301335912525IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                  .reloc0x500000xc0x400f921873e0b7f3fe3399366376917ef43False0.025390625data0.05390218305374581IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                  Resources

                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                  RT_ICON0x321a00x3d04PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9934058898847631
                                                                                                                                  RT_ICON0x35eb40x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m0.09013072282030049
                                                                                                                                  RT_ICON0x466ec0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m0.13905290505432216
                                                                                                                                  RT_ICON0x4a9240x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m0.17033195020746889
                                                                                                                                  RT_ICON0x4cedc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m0.2045028142589118
                                                                                                                                  RT_ICON0x4df940x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m0.24645390070921985
                                                                                                                                  RT_GROUP_ICON0x4e40c0x5adata0.7666666666666667
                                                                                                                                  RT_VERSION0x4e4780x35adata0.4417249417249417
                                                                                                                                  RT_MANIFEST0x4e7e40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                  Imports

                                                                                                                                  DLLImport
                                                                                                                                  mscoree.dll_CorExeMain

                                                                                                                                  Network Behavior

                                                                                                                                  Snort IDS Alerts

                                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                  04/24/24-13:07:10.061010TCP2043234ET MALWARE Redline Stealer TCP CnC - Id1Response263049704103.113.70.99192.168.2.5
                                                                                                                                  04/24/24-13:07:28.632979TCP2043231ET TROJAN Redline Stealer TCP CnC Activity497042630192.168.2.5103.113.70.99
                                                                                                                                  04/24/24-13:07:20.396167TCP2046056ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)263049704103.113.70.99192.168.2.5
                                                                                                                                  04/24/24-13:07:06.715468TCP2046045ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)497042630192.168.2.5103.113.70.99

                                                                                                                                  Network Port Distribution

                                                                                                                                  TCP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  Apr 24, 2024 13:06:57.828517914 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:06:58.840449095 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:00.287190914 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:00.287336111 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:00.297216892 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:00.390374899 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:00.390568018 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:03.309365034 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:03.677241087 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:03.721246004 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:06.540352106 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:06.540489912 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:06.715467930 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:07.236264944 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:07.277919054 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:10.061009884 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:10.061088085 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:13.089145899 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:16.090341091 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:16.341633081 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:16.341684103 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:16.341718912 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:16.341753006 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:16.341801882 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:16.341828108 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:20.396167040 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:20.396404982 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:20.629538059 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:20.684067965 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:20.760421991 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:20.982624054 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:21.027918100 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:21.040200949 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:21.259939909 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:21.260024071 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:21.260056019 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:21.260121107 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:21.496957064 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:21.497030973 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:21.759102106 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:21.801986933 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:21.812004089 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:22.044074059 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:22.045041084 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:22.090315104 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:22.269030094 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:22.490698099 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:22.498579025 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:22.720134974 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:22.762190104 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:22.870321035 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:23.115148067 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:23.119703054 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:23.359921932 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:23.368616104 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:23.597274065 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:23.605423927 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:23.880048990 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:23.881105900 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:24.101741076 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:24.130460978 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:24.351481915 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:24.353718042 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:24.584884882 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:24.587914944 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:24.871433020 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:24.918231010 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.151273012 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.199661016 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.262540102 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.487926006 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.487951040 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.487962961 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.487977028 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.488066912 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.714811087 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.714976072 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.715049028 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.715188980 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.715604067 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.715617895 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.715646029 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.715941906 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.716022015 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.934804916 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.934828997 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.934910059 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.935945034 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.935960054 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.936074972 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.936387062 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.936507940 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.936518908 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.936532974 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.936546087 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.936639071 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.936714888 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.936841965 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.942222118 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.942327023 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.942339897 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.942353010 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.942476034 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.942492008 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:25.942682028 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:25.942749023 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.158763885 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.159018993 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.159250975 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.159547091 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.159801960 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.160012007 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.160322905 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.160378933 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.162457943 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.162646055 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.162673950 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.162797928 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.162962914 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.163018942 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.164155006 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.164207935 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.164514065 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.164525032 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.164792061 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.164947033 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.165059090 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.165262938 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.165471077 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.165482044 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.165688992 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.165730953 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.397839069 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.400113106 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.400125980 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.400374889 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.400594950 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.400854111 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.400942087 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.401019096 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.401216030 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.401318073 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.401384115 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.401405096 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.401417971 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.406512976 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.406620979 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.410202026 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.418257952 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.419135094 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.419189930 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.633754969 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.634068012 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.634143114 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.634275913 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.634469032 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.634566069 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.634799004 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.634866953 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.653554916 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.653675079 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.653738976 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.653935909 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.654062033 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.654237986 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.654283047 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.654499054 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:26.856986046 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857021093 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857170105 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857258081 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857270002 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857336044 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857441902 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857629061 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857640982 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857803106 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.857889891 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874383926 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874433994 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874469995 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874505997 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874619961 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874696016 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874800920 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.874912977 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875008106 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875041008 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875211000 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875411034 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875448942 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875581026 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875670910 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.875814915 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.877770901 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:26.881746054 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:27.104923010 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:27.152795076 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:27.764765024 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:28.029571056 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:28.158344030 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:28.160244942 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:28.401959896 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:28.402612925 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:28.623723984 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:28.632978916 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:28.855037928 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                  Apr 24, 2024 13:07:28.902801037 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                  Apr 24, 2024 13:07:29.098176956 CEST497042630192.168.2.5103.113.70.99

                                                                                                                                  Statistics

                                                                                                                                  CPU Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  Memory Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  High Level Behavior Distribution

                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                  System Behavior

                                                                                                                                  General

                                                                                                                                  Target ID:0
                                                                                                                                  Start time:13:06:56
                                                                                                                                  Start date:24/04/2024
                                                                                                                                  Path:C:\Users\user\Desktop\ExAXLXWP9K.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\ExAXLXWP9K.exe"
                                                                                                                                  Imagebase:0x6b0000
                                                                                                                                  File size:312'332 bytes
                                                                                                                                  MD5 hash:CA28053841E7D7E6B42F7B7DD38B0F50
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.2024404772.00000000006B2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2350762263.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Disassembly

                                                                                                                                  Reset < >

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:9.6%
                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                    Signature Coverage:2.3%
                                                                                                                                    Total number of Nodes:133
                                                                                                                                    Total number of Limit Nodes:10
                                                                                                                                    execution_graph 49714 2894668 49715 289466a 49714->49715 49716 2894696 49715->49716 49720 28947a0 49715->49720 49725 2893e10 49716->49725 49718 28946b5 49721 28947c5 49720->49721 49729 28948a1 49721->49729 49733 28948b0 49721->49733 49726 2893e1b 49725->49726 49741 2895c54 49726->49741 49728 2896ff0 49728->49718 49730 28948b0 49729->49730 49732 28949b4 49730->49732 49737 2894248 49730->49737 49735 28948d7 49733->49735 49734 28949b4 49734->49734 49735->49734 49736 2894248 CreateActCtxA 49735->49736 49736->49734 49738 2895940 CreateActCtxA 49737->49738 49740 2895a03 49738->49740 49742 2895c5f 49741->49742 49745 2895c64 49742->49745 49744 289709d 49744->49728 49746 2895c6f 49745->49746 49749 2895c94 49746->49749 49748 289717a 49748->49744 49750 2895c9f 49749->49750 49753 2895cc4 49750->49753 49752 289726d 49752->49748 49754 2895ccf 49753->49754 49756 2898653 49754->49756 49759 289ad01 49754->49759 49755 2898691 49755->49752 49756->49755 49763 289cdf0 49756->49763 49767 289ad28 49759->49767 49771 289ad38 49759->49771 49760 289ad16 49760->49756 49764 289ce11 49763->49764 49765 289ce35 49764->49765 49794 289cfa0 49764->49794 49765->49755 49768 289ad38 49767->49768 49774 289ae30 49768->49774 49769 289ad47 49769->49760 49773 289ae30 2 API calls 49771->49773 49772 289ad47 49772->49760 49773->49772 49775 289ae41 49774->49775 49776 289ae64 49774->49776 49775->49776 49782 289b0b8 49775->49782 49786 289b0c8 49775->49786 49776->49769 49777 289ae5c 49777->49776 49778 289b068 GetModuleHandleW 49777->49778 49779 289b095 49778->49779 49779->49769 49783 289b0dc 49782->49783 49785 289b101 49783->49785 49790 289a870 49783->49790 49785->49777 49787 289b0dc 49786->49787 49788 289b101 49787->49788 49789 289a870 LoadLibraryExW 49787->49789 49788->49777 49789->49788 49791 289b2a8 LoadLibraryExW 49790->49791 49793 289b321 49791->49793 49793->49785 49795 289cfad 49794->49795 49796 289cfe7 49795->49796 49798 289c8d8 49795->49798 49796->49765 49799 289c8dd 49798->49799 49801 289d8f8 49799->49801 49802 289ca04 49799->49802 49801->49801 49803 289ca0f 49802->49803 49804 2895cc4 2 API calls 49803->49804 49805 289d967 49804->49805 49805->49801 49858 289d0b8 49859 289d0fe 49858->49859 49863 289d289 49859->49863 49866 289d298 49859->49866 49860 289d1eb 49869 289c9a0 49863->49869 49867 289d2c6 49866->49867 49868 289c9a0 DuplicateHandle 49866->49868 49867->49860 49868->49867 49870 289d300 DuplicateHandle 49869->49870 49871 289d2c6 49870->49871 49871->49860 49806 279d01c 49807 279d034 49806->49807 49808 279d08e 49807->49808 49811 4fa2c08 49807->49811 49820 4fa0ad4 49807->49820 49814 4fa2c45 49811->49814 49812 4fa2c79 49845 4fa0bfc 49812->49845 49814->49812 49815 4fa2c69 49814->49815 49829 4fa2e6c 49815->49829 49835 4fa2d90 49815->49835 49840 4fa2da0 49815->49840 49816 4fa2c77 49821 4fa0adf 49820->49821 49822 4fa2c79 49821->49822 49824 4fa2c69 49821->49824 49823 4fa0bfc CallWindowProcW 49822->49823 49825 4fa2c77 49823->49825 49826 4fa2e6c CallWindowProcW 49824->49826 49827 4fa2da0 CallWindowProcW 49824->49827 49828 4fa2d90 CallWindowProcW 49824->49828 49826->49825 49827->49825 49828->49825 49830 4fa2e2a 49829->49830 49831 4fa2e7a 49829->49831 49849 4fa2e58 49830->49849 49852 4fa2e48 49830->49852 49832 4fa2e40 49832->49816 49837 4fa2db4 49835->49837 49836 4fa2e40 49836->49816 49838 4fa2e58 CallWindowProcW 49837->49838 49839 4fa2e48 CallWindowProcW 49837->49839 49838->49836 49839->49836 49842 4fa2db4 49840->49842 49841 4fa2e40 49841->49816 49843 4fa2e58 CallWindowProcW 49842->49843 49844 4fa2e48 CallWindowProcW 49842->49844 49843->49841 49844->49841 49846 4fa0c07 49845->49846 49847 4fa435a CallWindowProcW 49846->49847 49848 4fa4309 49846->49848 49847->49848 49848->49816 49850 4fa2e69 49849->49850 49855 4fa429f 49849->49855 49850->49832 49853 4fa2e69 49852->49853 49854 4fa429f CallWindowProcW 49852->49854 49853->49832 49854->49853 49856 4fa0bfc CallWindowProcW 49855->49856 49857 4fa42aa 49856->49857 49857->49850 49707 79f0448 49708 79f0465 49707->49708 49711 79f0104 49708->49711 49712 79f0688 CryptUnprotectData 49711->49712 49713 79f049d 49712->49713 49872 79fa2e8 49873 79fa473 49872->49873 49875 79fa30e 49872->49875 49875->49873 49876 79f9038 49875->49876 49877 79fa568 PostMessageW 49876->49877 49878 79fa5d4 49877->49878 49878->49875

                                                                                                                                    Executed Functions

                                                                                                                                    Function 079F87C8 Relevance: 2.8, Strings: 2, Instructions: 304COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 819 79f87c8-79f87f0 820 79f87f7-79f88fd 819->820 821 79f87f2 819->821 836 79f88ff-79f8906 820->836 837 79f890b-79f89f0 820->837 821->820 838 79f8c3f-79f8c48 836->838 850 79f8bf7-79f8c00 837->850 851 79f8c07-79f8c1d 850->851 852 79f89f5-79f8be1 call 79f55f0 851->852 853 79f8c23-79f8c3d 851->853 879 79f8bf3-79f8bf4 852->879 880 79f8be3-79f8bf2 852->880 853->838 879->850 880->879
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: .$1
                                                                                                                                    • API String ID: 0-1839485796
                                                                                                                                    • Opcode ID: a2581f633aea67abcb46b77952715335c5e1f291d41497e0e17ce49b952f078a
                                                                                                                                    • Instruction ID: 79d420c8cdc248a170c6a10b6609b1fa012ffbe90066848e1e5abbf46887f1d3
                                                                                                                                    • Opcode Fuzzy Hash: a2581f633aea67abcb46b77952715335c5e1f291d41497e0e17ce49b952f078a
                                                                                                                                    • Instruction Fuzzy Hash: 7ED1C074E01218CFDB68DFA5C990B9DB7B2BF89304F2085A9C509AB354DB359E86CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F3998 Relevance: 2.8, Strings: 2, Instructions: 251COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 882 79f3998-79f39c3 883 79f39ca-79f3aae 882->883 884 79f39c5 882->884 889 79f3ab5-79f3af6 883->889 890 79f3ab0 883->890 884->883 893 79f3afd-79f3b3e 889->893 894 79f3af8 889->894 890->889 897 79f3b45-79f3b55 893->897 898 79f3b40 893->898 894->893 899 79f3b5e-79f3b80 897->899 898->897 901 79f3c07-79f3c18 899->901 902 79f3c1e-79f3c28 901->902 903 79f3b85-79f3b96 901->903 906 79f3c2f-79f3c36 902->906 907 79f3c2a 902->907 904 79f3b9d-79f3ba3 903->904 905 79f3b98 903->905 908 79f3baa-79f3be2 904->908 909 79f3ba5 904->909 905->904 910 79f3c3d-79f3c74 906->910 911 79f3c38 906->911 907->906 920 79f3be9-79f3c04 908->920 921 79f3be4 908->921 909->908 918 79f3c7b-79f3c9f 910->918 919 79f3c76 910->919 911->910 924 79f3d26-79f3d37 918->924 919->918 920->901 921->920 925 79f3d3d-79f3fc1 924->925 926 79f3ca4-79f3cb5 924->926 927 79f3cbc-79f3cc2 926->927 928 79f3cb7 926->928 930 79f3cc9-79f3d01 927->930 931 79f3cc4 927->931 928->927 935 79f3d08-79f3d23 930->935 936 79f3d03 930->936 931->930 935->924 936->935
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: N'uq$N'uq
                                                                                                                                    • API String ID: 0-2047261738
                                                                                                                                    • Opcode ID: 12fc9661a776a8602ee8e948c7fa3e3944b3ce65bbeb450cbf5d32b12ca332f4
                                                                                                                                    • Instruction ID: f8ab01af6c84fef5876ecc29c176130c8c15837228c7045681bf562e6d6fa8f6
                                                                                                                                    • Opcode Fuzzy Hash: 12fc9661a776a8602ee8e948c7fa3e3944b3ce65bbeb450cbf5d32b12ca332f4
                                                                                                                                    • Instruction Fuzzy Hash: C0C1E2B4E01219CFDB14DFA9C944B9EFBB6BF84305F14C5A9D808AB255CB349985CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F3989 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 938 79f3989-79f39c3 941 79f39ca-79f3aae 938->941 942 79f39c5 938->942 947 79f3ab5-79f3af6 941->947 948 79f3ab0 941->948 942->941 951 79f3afd-79f3b3e 947->951 952 79f3af8 947->952 948->947 955 79f3b45-79f3b55 951->955 956 79f3b40 951->956 952->951 957 79f3b5e-79f3b80 955->957 956->955 959 79f3c07-79f3c18 957->959 960 79f3c1e-79f3c28 959->960 961 79f3b85-79f3b96 959->961 964 79f3c2f-79f3c36 960->964 965 79f3c2a 960->965 962 79f3b9d-79f3ba3 961->962 963 79f3b98 961->963 966 79f3baa-79f3be2 962->966 967 79f3ba5 962->967 963->962 968 79f3c3d-79f3c74 964->968 969 79f3c38 964->969 965->964 978 79f3be9-79f3c04 966->978 979 79f3be4 966->979 967->966 976 79f3c7b-79f3c9f 968->976 977 79f3c76 968->977 969->968 982 79f3d26-79f3d37 976->982 977->976 978->959 979->978 983 79f3d3d-79f3fc1 982->983 984 79f3ca4-79f3cb5 982->984 985 79f3cbc-79f3cc2 984->985 986 79f3cb7 984->986 988 79f3cc9-79f3d01 985->988 989 79f3cc4 985->989 986->985 993 79f3d08-79f3d23 988->993 994 79f3d03 988->994 989->988 993->982 994->993
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: N'uq$N'uq
                                                                                                                                    • API String ID: 0-2047261738
                                                                                                                                    • Opcode ID: 92702649cdbbae160b53180205cb8c7a590329cc14585157c2f229b7a59eef01
                                                                                                                                    • Instruction ID: b994765fa657e2564d88cce5cf35e15e91517df87610fd09dd6f530577599654
                                                                                                                                    • Opcode Fuzzy Hash: 92702649cdbbae160b53180205cb8c7a590329cc14585157c2f229b7a59eef01
                                                                                                                                    • Instruction Fuzzy Hash: 4481B3B0D012198FEB14DFAAC948B9EFBF6BF84314F14C0A9D508AB265DB749985CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F7230 Relevance: 1.9, Strings: 1, Instructions: 644COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1103 79f7230-79f725e 1104 79f726a-79f726f 1103->1104 1105 79f7260-79f7268 1103->1105 1106 79f7274-79f7279 1104->1106 1105->1106 1107 79f727f 1106->1107 1108 79f727b-79f727d 1106->1108 1109 79f7282-79f7284 1107->1109 1108->1109 1110 79f728a-79f7294 1109->1110 1111 79f7324-79f732a 1109->1111 1114 79f7296-79f72a2 1110->1114 1115 79f72a4-79f72b3 1110->1115 1112 79f732c 1111->1112 1113 79f7336-79f7343 1111->1113 1112->1113 1120 79f7610-79f7617 1113->1120 1116 79f72b6-79f72c2 1114->1116 1115->1116 1118 79f72c8 1116->1118 1119 79f72c4-79f72c6 1116->1119 1121 79f72cb-79f72cd 1118->1121 1119->1121 1121->1111 1122 79f72cf-79f72d9 1121->1122 1123 79f72db-79f72e7 1122->1123 1124 79f72e9-79f7307 1122->1124 1125 79f730b-79f7317 1123->1125 1124->1125 1126 79f731d 1125->1126 1127 79f7319-79f731b 1125->1127 1128 79f7320-79f7322 1126->1128 1127->1128 1128->1111 1129 79f7348-79f7352 1128->1129 1130 79f7354-79f7360 1129->1130 1131 79f7362-79f7380 1129->1131 1132 79f7384-79f7390 1130->1132 1131->1132 1133 79f7396 1132->1133 1134 79f7392-79f7394 1132->1134 1135 79f7399-79f739b 1133->1135 1134->1135 1136 79f739d-79f73ab 1135->1136 1137 79f73b0-79f73ba 1135->1137 1136->1120 1138 79f73bc-79f73c8 1137->1138 1139 79f73ca-79f73e8 1137->1139 1140 79f73ec-79f73f8 1138->1140 1139->1140 1142 79f73fe 1140->1142 1143 79f73fa-79f73fc 1140->1143 1144 79f7401-79f7403 1142->1144 1143->1144 1145 79f7418-79f7422 1144->1145 1146 79f7405-79f7413 1144->1146 1147 79f7424-79f7430 1145->1147 1148 79f7432-79f7450 1145->1148 1146->1120 1150 79f7454-79f7460 1147->1150 1148->1150 1151 79f7466 1150->1151 1152 79f7462-79f7464 1150->1152 1153 79f7469-79f746b 1151->1153 1152->1153 1154 79f746d-79f747b 1153->1154 1155 79f7480-79f748a 1153->1155 1154->1120 1156 79f748c-79f7498 1155->1156 1157 79f749a-79f74b8 1155->1157 1159 79f74bc-79f74c8 1156->1159 1157->1159 1160 79f74ce 1159->1160 1161 79f74ca-79f74cc 1159->1161 1162 79f74d1-79f74d3 1160->1162 1161->1162 1163 79f74e8-79f74f2 1162->1163 1164 79f74d5-79f74e3 1162->1164 1165 79f74f4-79f7500 1163->1165 1166 79f7502-79f7520 1163->1166 1164->1120 1167 79f7524-79f7530 1165->1167 1166->1167 1169 79f7536 1167->1169 1170 79f7532-79f7534 1167->1170 1171 79f7539-79f753b 1169->1171 1170->1171 1172 79f753d-79f754b 1171->1172 1173 79f7550-79f755a 1171->1173 1172->1120 1174 79f756d-79f758e 1173->1174 1175 79f755c-79f756b 1173->1175 1177 79f7592-79f75a1 1174->1177 1175->1177 1178 79f75a7 1177->1178 1179 79f75a3-79f75a5 1177->1179 1180 79f75aa-79f75ac 1178->1180 1179->1180 1181 79f75ae-79f75c5 1180->1181 1182 79f761a-79f7693 1180->1182 1183 79f75de 1181->1183 1184 79f75c7-79f75dc 1181->1184 1195 79f769a-79f7782 call 79f0f80 1182->1195 1196 79f7695 1182->1196 1185 79f75e0-79f7609 1183->1185 1184->1185 1185->1120 1203 79f77c5-79f784f call 79f0f8c 1195->1203 1204 79f7784-79f77ba 1195->1204 1196->1195 1212 79f7892-79f78c4 call 79f0f98 1203->1212 1213 79f7851-79f7887 1203->1213 1204->1203 1217 79f78ca-79f7923 call 79f0f98 1212->1217 1218 79f7a30-79f7a41 1212->1218 1213->1212 1230 79f79eb-79f7a21 1217->1230 1231 79f7929-79f795a 1217->1231 1219 79f7a84-79f7a9f call 79f0fa4 1218->1219 1220 79f7a43-79f7a79 1218->1220 1229 79f7aa4-79f7aa9 1219->1229 1220->1219 1245 79f7a2c-79f7a2e 1230->1245 1238 79f79be-79f79c9 1231->1238 1239 79f79cb 1238->1239 1240 79f79d1-79f79d3 1238->1240 1242 79f79cd-79f79cf 1239->1242 1243 79f79d5 1239->1243 1244 79f79da-79f79e1 1240->1244 1242->1240 1242->1243 1243->1244 1246 79f795c-79f7976 1244->1246 1247 79f79e7-79f79e9 1244->1247 1245->1219 1248 79f797d-79f79bb 1246->1248 1249 79f7978 1246->1249 1247->1245 1248->1238 1249->1248
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Haq
                                                                                                                                    • API String ID: 0-725504367
                                                                                                                                    • Opcode ID: 9fa8772d3a623e7d3b77fe68285c339e99f834cfbd155c4d8fdb18e633ed584d
                                                                                                                                    • Instruction ID: 3c78e5d76c118c6bba7816e35d5af621c01eec4c3e28e7ee353ad88388e1c704
                                                                                                                                    • Opcode Fuzzy Hash: 9fa8772d3a623e7d3b77fe68285c339e99f834cfbd155c4d8fdb18e633ed584d
                                                                                                                                    • Instruction Fuzzy Hash: BE424BB0D0426ACFDB14DFA5C8407EDFBB2BF89304F5085AAD549AB240EB749A85CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F3F50 Relevance: 1.8, Strings: 1, Instructions: 520COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1253 62f3f50-62f3f84 1256 62f3f86-62f3f8f 1253->1256 1257 62f3f92-62f3fa5 1253->1257 1256->1257 1258 62f3fab-62f3fae 1257->1258 1259 62f4215-62f4219 1257->1259 1263 62f3fbd-62f3fc9 1258->1263 1264 62f3fb0-62f3fb5 1258->1264 1261 62f422e-62f4238 1259->1261 1262 62f421b-62f422b 1259->1262 1262->1261 1265 62f3fcf-62f3fe1 1263->1265 1266 62f4253-62f4299 1263->1266 1264->1263 1271 62f414d-62f415b 1265->1271 1272 62f3fe7-62f403a 1265->1272 1273 62f429b-62f42a5 1266->1273 1274 62f42a8-62f42d0 1266->1274 1278 62f4161-62f416f 1271->1278 1279 62f41e0-62f41e2 1271->1279 1302 62f403c-62f4048 call 62f3c88 1272->1302 1303 62f404a 1272->1303 1273->1274 1296 62f42d6-62f42ef 1274->1296 1297 62f4425-62f4443 1274->1297 1282 62f417e-62f418a 1278->1282 1283 62f4171-62f4176 1278->1283 1284 62f41e4-62f41ea 1279->1284 1285 62f41f0-62f41fc 1279->1285 1282->1266 1289 62f4190-62f41bf 1282->1289 1283->1282 1287 62f41ee 1284->1287 1288 62f41ec 1284->1288 1294 62f41fe-62f420f 1285->1294 1287->1285 1288->1285 1309 62f41c1-62f41ce 1289->1309 1310 62f41d0-62f41de 1289->1310 1294->1258 1294->1259 1314 62f4406-62f441f 1296->1314 1315 62f42f5-62f430b 1296->1315 1311 62f44ae-62f44b8 1297->1311 1312 62f4445-62f4467 1297->1312 1305 62f404c-62f405c 1302->1305 1303->1305 1321 62f405e-62f4075 1305->1321 1322 62f4077-62f4079 1305->1322 1309->1310 1310->1259 1334 62f44b9-62f450a 1312->1334 1335 62f4469-62f4485 1312->1335 1314->1296 1314->1297 1315->1314 1332 62f4311-62f435f 1315->1332 1321->1322 1324 62f407b-62f4089 1322->1324 1325 62f40c2-62f40c4 1322->1325 1324->1325 1339 62f408b-62f409d 1324->1339 1329 62f40c6-62f40d0 1325->1329 1330 62f40d2-62f40e2 1325->1330 1329->1330 1340 62f411b-62f4127 1329->1340 1343 62f410d-62f4110 1330->1343 1344 62f40e4-62f40f2 1330->1344 1381 62f4389-62f43ad 1332->1381 1382 62f4361-62f4387 1332->1382 1368 62f450c-62f4528 1334->1368 1369 62f452a-62f4568 1334->1369 1348 62f44a9-62f44ac 1335->1348 1353 62f409f-62f40a1 1339->1353 1354 62f40a3-62f40a7 1339->1354 1340->1294 1361 62f412d-62f4148 1340->1361 1402 62f4113 call 62f48a8 1343->1402 1403 62f4113 call 62f48b8 1343->1403 1358 62f4105-62f4108 1344->1358 1359 62f40f4-62f4103 1344->1359 1348->1311 1349 62f4493-62f4496 1348->1349 1349->1334 1360 62f4498-62f44a8 1349->1360 1351 62f4119 1351->1340 1357 62f40ad-62f40bc 1353->1357 1354->1357 1357->1325 1371 62f4239-62f424c 1357->1371 1358->1259 1359->1340 1360->1348 1361->1259 1368->1369 1371->1266 1391 62f43df-62f43f8 1381->1391 1392 62f43af-62f43c6 1381->1392 1382->1381 1394 62f43fa 1391->1394 1395 62f4403-62f4404 1391->1395 1399 62f43c8-62f43cb 1392->1399 1400 62f43d2-62f43dd 1392->1400 1394->1395 1395->1314 1399->1400 1400->1391 1400->1392 1402->1351 1403->1351
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $]q
                                                                                                                                    • API String ID: 0-1007455737
                                                                                                                                    • Opcode ID: 36bcf1e93fec7e7f329f6a8bf4fe006a10cd40eaa02fc1b100579b174055d671
                                                                                                                                    • Instruction ID: e084283c601376d98c056d948de9a97a0fbef9a69d27afec25a6dd8f6f9a5006
                                                                                                                                    • Opcode Fuzzy Hash: 36bcf1e93fec7e7f329f6a8bf4fe006a10cd40eaa02fc1b100579b174055d671
                                                                                                                                    • Instruction Fuzzy Hash: 06128134B202058FDB54DF78C594A9EBBF6BF88710B148169D906EB365DB70EC42CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F0680 Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 079F06ED
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CryptDataUnprotect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 834300711-0
                                                                                                                                    • Opcode ID: 0d999d1dc66f73fa504fe9495495a74fa36d21cafcd2aeb86854d9d652dc6acf
                                                                                                                                    • Instruction ID: 798c357c0ca59d9abe2ee3ebe193606754213644a30297b13ae651ea4f057a21
                                                                                                                                    • Opcode Fuzzy Hash: 0d999d1dc66f73fa504fe9495495a74fa36d21cafcd2aeb86854d9d652dc6acf
                                                                                                                                    • Instruction Fuzzy Hash: FB113AB28002499FDB10DF99C945BEEBFF9EF48320F148419E614A7211D339A550DFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F0104 Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 079F06ED
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CryptDataUnprotect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 834300711-0
                                                                                                                                    • Opcode ID: dfe984a560ca65f8476c06769cfc37a089f5cf276038a8f3d1fe4d5e77212f25
                                                                                                                                    • Instruction ID: 2c401d1277f11155794e613498946a9e017ed814273ce5f05443df4b31195a0c
                                                                                                                                    • Opcode Fuzzy Hash: dfe984a560ca65f8476c06769cfc37a089f5cf276038a8f3d1fe4d5e77212f25
                                                                                                                                    • Instruction Fuzzy Hash: 471156B28002499FDB10DF99C844BEEBFF9EF48324F108419EA18A7211C339A550CFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E3838 Relevance: 1.0, Instructions: 1022COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f3df4c6205d33c93c96db8aa4231666fbde5303b24d744d2d6d7f28ae790d172
                                                                                                                                    • Instruction ID: 134f4b86ca16a62d6c36e74b9622761a101f848e164622bc958af98397302fb0
                                                                                                                                    • Opcode Fuzzy Hash: f3df4c6205d33c93c96db8aa4231666fbde5303b24d744d2d6d7f28ae790d172
                                                                                                                                    • Instruction Fuzzy Hash: DC827D30B502159FCB44DF68C994EAEBBF6EF88700F1580AAE506DB3A5CA71DD45CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079FB460 Relevance: .6, Instructions: 584COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bdb1724cc7ba084d3585def045ca6f8241a554a9b4bcebdb02413ee24f3dd8bd
                                                                                                                                    • Instruction ID: c850f78efb50afd3b39f6d8afff57912c4c3a9e2a7f2a22b5190f060d6faadfa
                                                                                                                                    • Opcode Fuzzy Hash: bdb1724cc7ba084d3585def045ca6f8241a554a9b4bcebdb02413ee24f3dd8bd
                                                                                                                                    • Instruction Fuzzy Hash: BD2268B47016058FDB19DF79C590BAEB7FAAF89708F248469D605DB3A0CB34E901CB52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 04FA6948 Relevance: .5, Instructions: 499COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2371538854.0000000004FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fa0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9ccf14544a45e1009e738113131a19313af3a6cc701bc9e1643b87cbb939732d
                                                                                                                                    • Instruction ID: 0603723d47f415c8232ab26f6a47754b1d9ebfaedb92fd1b11a1d446c6dd6957
                                                                                                                                    • Opcode Fuzzy Hash: 9ccf14544a45e1009e738113131a19313af3a6cc701bc9e1643b87cbb939732d
                                                                                                                                    • Instruction Fuzzy Hash: ED22D175940228CFDB65DF64C958BD9BBB2FF8A301F0080E9D509AB2A1DB359E85DF40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F67D8 Relevance: .4, Instructions: 411COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 64b9970df5353c2a30eac0f5f271d126d9b06850c48294506d125d7a7509e919
                                                                                                                                    • Instruction ID: 04c9bc064d4399725cc560b2d3c6b32d3521c27ea894d9ffca8d8511d6f13981
                                                                                                                                    • Opcode Fuzzy Hash: 64b9970df5353c2a30eac0f5f271d126d9b06850c48294506d125d7a7509e919
                                                                                                                                    • Instruction Fuzzy Hash: 04F1B230A202099FDB05DF68D984B9EBBF6EF84310F148579E905EB2A1DB35ED45CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F5888 Relevance: .3, Instructions: 322COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2874d75d43697c4972269c6c041773ba6d231430b269dabbc9994322fe669566
                                                                                                                                    • Instruction ID: 0dd7f3de253e2d3266156597c6d6e16cfa7f8defd6d7919f6dcb1aae75a236d5
                                                                                                                                    • Opcode Fuzzy Hash: 2874d75d43697c4972269c6c041773ba6d231430b269dabbc9994322fe669566
                                                                                                                                    • Instruction Fuzzy Hash: 3DF1A0B4E01229CFDB64DFA5D884B9DBBB2BF49305F1085AAD50AA7350DB319E81CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F6060 Relevance: .3, Instructions: 321COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2367d4ef02340fd772c82ebedc2b3e34191776b5b51ab8fb9919a5e9fb99f54d
                                                                                                                                    • Instruction ID: 996151f39fa6eda5891946b244a6a16d717f968cb3d44c7c1f3e5818770b7a35
                                                                                                                                    • Opcode Fuzzy Hash: 2367d4ef02340fd772c82ebedc2b3e34191776b5b51ab8fb9919a5e9fb99f54d
                                                                                                                                    • Instruction Fuzzy Hash: F9E1A3B4E00229CFDB65DFA9C850BDDBBB2BF49300F1081AAC50AA7255DB355E85CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F8070 Relevance: .3, Instructions: 309COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3fefee4c3a10e03ef8ca6ae5744b155b9ca39a5e47574f34bb0415e553f4685e
                                                                                                                                    • Instruction ID: e7fc90e0768acc37d1b19875f259b6c30348971f537b192bf145073b5f467d1c
                                                                                                                                    • Opcode Fuzzy Hash: 3fefee4c3a10e03ef8ca6ae5744b155b9ca39a5e47574f34bb0415e553f4685e
                                                                                                                                    • Instruction Fuzzy Hash: 6EE1A0B4E01229CFDB64DF65C994B9DBBB2BF89304F1085EAC50AAB250DB305E85CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FA3D8 Relevance: .3, Instructions: 295COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3dda1bdf647639556ed240540d81760a36f756128dabd8710668a61450786679
                                                                                                                                    • Instruction ID: 018549c4bd429263a49929bf3020138b1d5b3d68616bc88d7f77be2d4e381884
                                                                                                                                    • Opcode Fuzzy Hash: 3dda1bdf647639556ed240540d81760a36f756128dabd8710668a61450786679
                                                                                                                                    • Instruction Fuzzy Hash: EBD1E534D00318CFCB19EFB5D898A9DBBB2FF8A305F1081A9E54AA7254DB315986CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FA3E8 Relevance: .3, Instructions: 289COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1b23c90ec4cca003776cb6cb434d8fc26d082322eb99969ed6f1b53019d5b4fb
                                                                                                                                    • Instruction ID: 4b2f2d2a3da077d6bedadc1f4e33f23eb5d16eabab984246f4a11db3da6d5f47
                                                                                                                                    • Opcode Fuzzy Hash: 1b23c90ec4cca003776cb6cb434d8fc26d082322eb99969ed6f1b53019d5b4fb
                                                                                                                                    • Instruction Fuzzy Hash: A5D1E734D00318CFCB18EFB5D89869DBBB2FF8A315F1081A9E50AA7254DB355986CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 04FA7C20 Relevance: .3, Instructions: 279COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2371538854.0000000004FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fa0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9d5e9c59cab133c6b854d4dec84099adf13eee615329a8adf3bfa5ad07e95b59
                                                                                                                                    • Instruction ID: 20afb3e7ac2ee3cbab574ad757c59f3be78fe1066d251409f13c4bf4987f64cd
                                                                                                                                    • Opcode Fuzzy Hash: 9d5e9c59cab133c6b854d4dec84099adf13eee615329a8adf3bfa5ad07e95b59
                                                                                                                                    • Instruction Fuzzy Hash: 28C1A574E00218CFDB14DFA9D984A9EBBB6FF89304F10C1A9D409AB355DB34A986CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F4960 Relevance: .3, Instructions: 276COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3884dd06e1188954452ddbf9bce1dad1cda19f4a80c79dd9f886864d4848d4eb
                                                                                                                                    • Instruction ID: 13d9badc6e9f951b0eb626bb32e12ba4c20d4a7c72c4ed4ec24b0f046f7ae947
                                                                                                                                    • Opcode Fuzzy Hash: 3884dd06e1188954452ddbf9bce1dad1cda19f4a80c79dd9f886864d4848d4eb
                                                                                                                                    • Instruction Fuzzy Hash: F7C1B374E022189FDB44DFA9D594AEEBBF2FF88300F209069E905AB355DB349A41CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F66B8 Relevance: .2, Instructions: 240COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e6b3e0baf267e68bfbbb2ac55f9044efdbbefea94f03d160eb78ee51ebb323f5
                                                                                                                                    • Instruction ID: f27b803c37148b510ca2bc698664d6b4b256fc5add693be60a412f704190df5f
                                                                                                                                    • Opcode Fuzzy Hash: e6b3e0baf267e68bfbbb2ac55f9044efdbbefea94f03d160eb78ee51ebb323f5
                                                                                                                                    • Instruction Fuzzy Hash: CEB1BEB4E01318CFDB68DFA5D944A9DBBB2BF89304F2084A9C509AB355DB359D86CF40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F494F Relevance: .2, Instructions: 238COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b41633649c43c6c3194ec79134e4f98824bf0e9f0fe8731d31b4e3f3af53ea6e
                                                                                                                                    • Instruction ID: 915d60a2f9303550397e9455d5aefa9b8fd573cd3667b1d0eacb4fd26968dfee
                                                                                                                                    • Opcode Fuzzy Hash: b41633649c43c6c3194ec79134e4f98824bf0e9f0fe8731d31b4e3f3af53ea6e
                                                                                                                                    • Instruction Fuzzy Hash: 31A1C374E022089FDB44DFA9D594AEEBBF2FF89300F209069E505AB365DB349A45CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F6B38 Relevance: .2, Instructions: 234COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b2bc08548773d1023d1df8530b4b7734469730bb88801c0e046ede0d2de536c7
                                                                                                                                    • Instruction ID: 2b51b4f36b6c1f36dc963e6652e12cd4fac3e287e48aec73bebf3cce0da5a260
                                                                                                                                    • Opcode Fuzzy Hash: b2bc08548773d1023d1df8530b4b7734469730bb88801c0e046ede0d2de536c7
                                                                                                                                    • Instruction Fuzzy Hash: 1FA1C274E01318CFDB24DFA9D884A9DBBB2FF8A314F1094A9D509AB354DB359986CF00
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 04FA5A43 Relevance: .2, Instructions: 183COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2371538854.0000000004FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fa0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3187ba47d2032cdff15a2e318a28d98631e0f56fa2bd4f0402120ab628e6ad9c
                                                                                                                                    • Instruction ID: 9ca087eb93ff694feb030c4d84161ff3733c1b1380d2c1b0e7fc40b182823fd0
                                                                                                                                    • Opcode Fuzzy Hash: 3187ba47d2032cdff15a2e318a28d98631e0f56fa2bd4f0402120ab628e6ad9c
                                                                                                                                    • Instruction Fuzzy Hash: E4616574A00319DFDB04EFB4C9909DEBBF6FF89304B284125D409AB261EB30AD56CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 04FA7C12 Relevance: .1, Instructions: 129COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2371538854.0000000004FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fa0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: db7894728da37aa8a27c5f4b92f2369c2a9f523a4383a6216d0f92b42d0d8edd
                                                                                                                                    • Instruction ID: 1ac4fefba04a24231e1b0e9dca215aa73215aa596f3d4f36c6bd7da85edd6eae
                                                                                                                                    • Opcode Fuzzy Hash: db7894728da37aa8a27c5f4b92f2369c2a9f523a4383a6216d0f92b42d0d8edd
                                                                                                                                    • Instruction Fuzzy Hash: 7451D975E006188FEB18DFA6D944B9EBBB7BFC8304F14C0A9881DAB359DB3459468F50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E0D80 Relevance: 20.6, Strings: 16, Instructions: 619COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 294 62e0d80-62e0dcb 299 62e0efd-62e0f10 294->299 300 62e0dd1-62e0dd3 294->300 304 62e1006-62e1011 299->304 305 62e0f16-62e0f25 299->305 301 62e0dd6-62e0de5 300->301 306 62e0e9d-62e0ea1 301->306 307 62e0deb-62e0e1d 301->307 308 62e1019-62e1022 304->308 314 62e0f2b-62e0f51 305->314 315 62e0fd1-62e0fd5 305->315 309 62e0ea3-62e0eae 306->309 310 62e0eb0 306->310 344 62e0e1f-62e0e24 307->344 345 62e0e26-62e0e2d 307->345 313 62e0eb5-62e0eb8 309->313 310->313 313->308 319 62e0ebe-62e0ec2 313->319 341 62e0f5a-62e0f61 314->341 342 62e0f53-62e0f58 314->342 316 62e0fd7-62e0fe2 315->316 317 62e0fe4 315->317 324 62e0fe6-62e0fe8 316->324 317->324 320 62e0ec4-62e0ecf 319->320 321 62e0ed1 319->321 327 62e0ed3-62e0ed5 320->327 321->327 325 62e0fea-62e0ff4 324->325 326 62e1039-62e10b5 324->326 336 62e0ff7-62e1000 325->336 376 62e10bb-62e10bd 326->376 377 62e1189-62e119c 326->377 331 62e0edb-62e0ee5 327->331 332 62e1025-62e1032 327->332 343 62e0ee8-62e0ef2 331->343 332->326 336->304 336->305 349 62e0f86-62e0faa 341->349 350 62e0f63-62e0f84 341->350 348 62e0fc5-62e0fcf 342->348 343->301 347 62e0ef8 343->347 353 62e0e91-62e0e9b 344->353 351 62e0e2f-62e0e50 345->351 352 62e0e52-62e0e76 345->352 347->308 348->336 366 62e0fac-62e0fb2 349->366 367 62e0fc2 349->367 350->348 351->353 368 62e0e8e 352->368 369 62e0e78-62e0e7e 352->369 353->343 371 62e0fb6-62e0fb8 366->371 372 62e0fb4 366->372 367->348 368->353 373 62e0e82-62e0e84 369->373 374 62e0e80 369->374 371->367 372->367 373->368 374->368 378 62e10c0-62e10cf 376->378 381 62e1234-62e123f 377->381 382 62e11a2-62e11b1 377->382 383 62e1129-62e112d 378->383 384 62e10d1-62e10fe 378->384 386 62e1247-62e1250 381->386 389 62e11ff-62e1203 382->389 390 62e11b3-62e11dc 382->390 387 62e112f-62e113a 383->387 388 62e113c 383->388 406 62e1104-62e1106 384->406 392 62e1141-62e1144 387->392 388->392 395 62e1205-62e1210 389->395 396 62e1212 389->396 415 62e11de-62e11e4 390->415 416 62e11f4-62e11fd 390->416 392->386 393 62e114a-62e114e 392->393 398 62e115d 393->398 399 62e1150-62e115b 393->399 400 62e1214-62e1216 395->400 396->400 405 62e115f-62e1161 398->405 399->405 403 62e1218-62e1222 400->403 404 62e1267-62e1284 400->404 419 62e1225-62e122e 403->419 428 62e1298-62e12af 404->428 429 62e1286-62e1295 404->429 409 62e1167-62e1171 405->409 410 62e1253-62e1260 405->410 412 62e111e-62e1127 406->412 413 62e1108-62e110e 406->413 426 62e1174-62e117e 409->426 410->404 412->426 417 62e1112-62e1114 413->417 418 62e1110 413->418 420 62e11e8-62e11ea 415->420 421 62e11e6 415->421 416->419 417->412 418->412 419->381 419->382 420->416 421->416 426->378 430 62e1184 426->430 432 62e12c7-62e12e9 428->432 433 62e12b1-62e12b7 428->433 429->428 430->386 438 62e12ec-62e12f0 432->438 434 62e12bb-62e12bd 433->434 435 62e12b9 433->435 434->432 435->432 439 62e12f9-62e12fe 438->439 440 62e12f2-62e12f7 438->440 441 62e1304-62e1307 439->441 440->441 442 62e130d-62e1322 441->442 443 62e14f8-62e1500 441->443 442->438 445 62e1324 442->445 446 62e132b-62e1350 445->446 447 62e1498-62e14b9 445->447 448 62e13e0-62e1405 445->448 458 62e1356-62e135a 446->458 459 62e1352-62e1354 446->459 452 62e14bf-62e14f3 447->452 460 62e140b-62e140f 448->460 461 62e1407-62e1409 448->461 452->438 463 62e135c-62e1379 458->463 464 62e137b-62e139e 458->464 462 62e13b8-62e13db 459->462 467 62e1430-62e1453 460->467 468 62e1411-62e142e 460->468 466 62e146d-62e1493 461->466 462->438 463->462 484 62e13b6 464->484 485 62e13a0-62e13a6 464->485 466->438 482 62e146b 467->482 483 62e1455-62e145b 467->483 468->466 482->466 486 62e145f-62e1461 483->486 487 62e145d 483->487 484->462 488 62e13aa-62e13ac 485->488 489 62e13a8 485->489 486->482 487->482 488->484 489->484
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                                                                                    • API String ID: 0-2551331179
                                                                                                                                    • Opcode ID: 9915508134854803445d4519833b98834ec7764432d3fcd42951ddbd0305ac62
                                                                                                                                    • Instruction ID: 356c296053a7eaedc9b51769c73503fc638ba814ec5368214eb73c202b7a6e4c
                                                                                                                                    • Opcode Fuzzy Hash: 9915508134854803445d4519833b98834ec7764432d3fcd42951ddbd0305ac62
                                                                                                                                    • Instruction Fuzzy Hash: 3822F330B102059FDB449BA9C948A6EBBF6FF89700B54847AE906CB3A2CF74DC11CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E157B Relevance: 7.8, Strings: 6, Instructions: 338COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 490 62e157b-62e1580 491 62e1582-62e158e 490->491 492 62e15f3-62e15f7 490->492 502 62e1598-62e15af 491->502 493 62e15f9-62e1604 492->493 494 62e1606 492->494 496 62e160b-62e160e 493->496 494->496 497 62e1645-62e1747 496->497 498 62e1610-62e1614 496->498 500 62e1616-62e1621 498->500 501 62e1623 498->501 503 62e1625-62e1627 500->503 501->503 505 62e15b5-62e15b7 502->505 507 62e162d-62e1637 503->507 508 62e174a-62e17a7 503->508 509 62e15cf-62e15f1 505->509 510 62e15b9-62e15bf 505->510 518 62e1638-62e163f 507->518 526 62e17bf-62e17e1 508->526 527 62e17a9-62e17af 508->527 509->518 512 62e15c3-62e15c5 510->512 513 62e15c1 510->513 512->509 513->509 518->497 520 62e1571-62e1576 518->520 520->490 532 62e17e4-62e17e8 526->532 528 62e17b3-62e17b5 527->528 529 62e17b1 527->529 528->526 529->526 533 62e17ea-62e17ef 532->533 534 62e17f1-62e17f6 532->534 535 62e17fc-62e17ff 533->535 534->535 536 62e1abf-62e1ac7 535->536 537 62e1805-62e181a 535->537 537->532 539 62e181c 537->539 540 62e18d8-62e198b 539->540 541 62e1a07-62e1a2c 539->541 542 62e1823-62e18d3 539->542 543 62e1990-62e19bd 539->543 540->532 556 62e1a2e-62e1a30 541->556 557 62e1a32-62e1a36 541->557 542->532 562 62e1b36-62e1b73 543->562 563 62e19c3-62e19cd 543->563 561 62e1a94-62e1aba 556->561 564 62e1a38-62e1a55 557->564 565 62e1a57-62e1a7a 557->565 561->532 568 62e19d3-62e1a02 563->568 569 62e1b00-62e1b2f 563->569 564->561 586 62e1a7c-62e1a82 565->586 587 62e1a92 565->587 568->532 569->562 589 62e1a86-62e1a88 586->589 590 62e1a84 586->590 587->561 589->587 590->587
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                                                                                                    • API String ID: 0-3723351465
                                                                                                                                    • Opcode ID: f83362a0015a23aff236bc9b1ca5a0d2cd9108ec3c3193c211b4e839914e5af2
                                                                                                                                    • Instruction ID: 8980c88ea466c323da9042eebfc43f5d3943fb4c776b53fcba7d581c44400648
                                                                                                                                    • Opcode Fuzzy Hash: f83362a0015a23aff236bc9b1ca5a0d2cd9108ec3c3193c211b4e839914e5af2
                                                                                                                                    • Instruction Fuzzy Hash: 50C1F330B102019FDB549B68C858A7E7BEAEF85700F51457AEA028B3A2DFB4DC55C791
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E0598 Relevance: 1.7, Strings: 1, Instructions: 462COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: }lPj
                                                                                                                                    • API String ID: 0-3992993803
                                                                                                                                    • Opcode ID: 8006a5ac83e1d2940f6f8db2811edfc961149531a96110b0dd53985b12359b65
                                                                                                                                    • Instruction ID: e4e8faad0aed46a1a6be5c41ad1e12ee9815a64a66860bfd524f99391afd21ef
                                                                                                                                    • Opcode Fuzzy Hash: 8006a5ac83e1d2940f6f8db2811edfc961149531a96110b0dd53985b12359b65
                                                                                                                                    • Instruction Fuzzy Hash: 4002CC30B902058FDB549F68D454A6E7BA6FFC9704F414968D9029F3A1CFB9EC06CB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0289AE30 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0289B086
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                    • Opcode ID: 5cac8a5eeaeb87bf99680257e218983ca1eed0528b12164c1281b7a766696b66
                                                                                                                                    • Instruction ID: 9d95c3ea2523b9bd4da41e067967043c3f746a842af2b145de4afcd1dd73427e
                                                                                                                                    • Opcode Fuzzy Hash: 5cac8a5eeaeb87bf99680257e218983ca1eed0528b12164c1281b7a766696b66
                                                                                                                                    • Instruction Fuzzy Hash: DF7134B8A00B058FDB28DF29D14475ABBF6FF88704F04892DD48AD7A50D775E84ACB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 04FA0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 04FA4381
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2371538854.0000000004FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fa0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CallProcWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2714655100-0
                                                                                                                                    • Opcode ID: c795fca06559bb7589a822d3fb270b96573cc9fe9d4a27bf7b58519eed5d3055
                                                                                                                                    • Instruction ID: 2c08c7b1b484fa90da6408a51b3e1525373a8501377aca6269b30fc3eca02733
                                                                                                                                    • Opcode Fuzzy Hash: c795fca06559bb7589a822d3fb270b96573cc9fe9d4a27bf7b58519eed5d3055
                                                                                                                                    • Instruction Fuzzy Hash: F04138B5A00309DFDB14DF99C488AAEBBF5FF88314F24C459D519AB361D375A842CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 02895935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 028959F1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Create
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                    • Opcode ID: a12ab71f3211f7855cf51c0a421cab0058c3b99f2ab055a18798a8c7733c5fc4
                                                                                                                                    • Instruction ID: 402e758c253795aa64c42ca4e4c2f3deca87cac6c521c2f3d0878e2fb304a652
                                                                                                                                    • Opcode Fuzzy Hash: a12ab71f3211f7855cf51c0a421cab0058c3b99f2ab055a18798a8c7733c5fc4
                                                                                                                                    • Instruction Fuzzy Hash: 554101B4D00219CFEB24DFA9C984B9DBBF5FF48304F24806AD408AB250DB75694ACF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 02894248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 028959F1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Create
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                    • Opcode ID: 774855e45efd83429d0915356c410dde7815796a3c731f487b8ad1ccbd0dddc5
                                                                                                                                    • Instruction ID: 132860440db8fc615087f8370c4a910426cea071f10151b2b247240d0769a8af
                                                                                                                                    • Opcode Fuzzy Hash: 774855e45efd83429d0915356c410dde7815796a3c731f487b8ad1ccbd0dddc5
                                                                                                                                    • Instruction Fuzzy Hash: EC4102B4D00219CFEB25DFA9C984B9DBBF5FF44304F24805AD408AB250DB75694ACF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0289C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0289D2C6,?,?,?,?,?), ref: 0289D387
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                    • Opcode ID: 7337970d7ca6bf1987005ad83ae617fa1e3b9b52e396b8530d81ff790e4ed9e2
                                                                                                                                    • Instruction ID: a78052fbaf8f6a8a8125dbcbcf09f8a73774db1a1e85d1ecba95d6f74da1ea12
                                                                                                                                    • Opcode Fuzzy Hash: 7337970d7ca6bf1987005ad83ae617fa1e3b9b52e396b8530d81ff790e4ed9e2
                                                                                                                                    • Instruction Fuzzy Hash: AF21E6B5900208DFDB10DF9AD584AEEBFF9FB48310F14801AE918A3310D378A954CFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0289D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0289D2C6,?,?,?,?,?), ref: 0289D387
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                    • Opcode ID: f4bf1b3fee1ef5ef1dad1f8647e94ac9b2f1b916eaafc185da991645f9fa5105
                                                                                                                                    • Instruction ID: be3d6a4410682dfcf58dd60b39bbe0934968b984e9573127c37c4f90b4532617
                                                                                                                                    • Opcode Fuzzy Hash: f4bf1b3fee1ef5ef1dad1f8647e94ac9b2f1b916eaafc185da991645f9fa5105
                                                                                                                                    • Instruction Fuzzy Hash: 2521E3B59002189FDB10DFAAD584AEEBFF5EB48310F14801AE918A3210D378A945CFA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0289B2A0 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0289B101,00000800,00000000,00000000), ref: 0289B312
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: cb6c11aa629a339d489d338e5a471c08b1ec21cdf7bb76eee12ac8c5e2c44caa
                                                                                                                                    • Instruction ID: f5210f02935d64509db20b477df300b74f09671bad66af1765b640f189df379a
                                                                                                                                    • Opcode Fuzzy Hash: cb6c11aa629a339d489d338e5a471c08b1ec21cdf7bb76eee12ac8c5e2c44caa
                                                                                                                                    • Instruction Fuzzy Hash: 191126B6D002498FDB10DFAAD484ADEFBF4EF48714F14842AD929A7600C379A545CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0289A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0289B101,00000800,00000000,00000000), ref: 0289B312
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 6eac2eb3b67eaf5f76155678619155ebc0e1c93b782d82fb9d94009b26d57b00
                                                                                                                                    • Instruction ID: 3c4a6c79e395869c246532455c5071b4428d58978840ef852e99ab3dc68923c6
                                                                                                                                    • Opcode Fuzzy Hash: 6eac2eb3b67eaf5f76155678619155ebc0e1c93b782d82fb9d94009b26d57b00
                                                                                                                                    • Instruction Fuzzy Hash: 401114BA9003499FDB10DF9AD444AAEFBF8EF48314F14842ED919A7200C379A545CFA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0289B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0289B086
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                    • Opcode ID: 5ad1b4faab4c2ab1a38619ba55b552597c3c2bf8ff8558a77536ced5a4ee373b
                                                                                                                                    • Instruction ID: 9780cfd198965330d0c8056b7a54179e6831ce9db5a7aa019694f2f8e9e307a9
                                                                                                                                    • Opcode Fuzzy Hash: 5ad1b4faab4c2ab1a38619ba55b552597c3c2bf8ff8558a77536ced5a4ee373b
                                                                                                                                    • Instruction Fuzzy Hash: A6110FB9C003498FDB20DF9AD444A9EFBF8AF88314F14841AD928A7210C379A545CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079FA560 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 079FA5C5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                    • Opcode ID: 56cf54bd00ddf0a1854d80ef7ef8e6dd0e459ef52aec1c83a10d4ebc0ac756a7
                                                                                                                                    • Instruction ID: 571b5210f239e28ef126ae385506536cd17b817143b85989494f6b3c1c181fbd
                                                                                                                                    • Opcode Fuzzy Hash: 56cf54bd00ddf0a1854d80ef7ef8e6dd0e459ef52aec1c83a10d4ebc0ac756a7
                                                                                                                                    • Instruction Fuzzy Hash: F01106B58003599FDB10DF99C885BDEBFF8EB48324F108419E518A7600C379A544CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F9038 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 079FA5C5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                    • Opcode ID: 7f3a3bfcd181217dcf5a95292291af30419b9aa68910474aabde91155bc1f2ce
                                                                                                                                    • Instruction ID: 2fa0c5804c8fbbd7f2d84381a76aa7ac23d54174c2af2dc88901ee007ade6e11
                                                                                                                                    • Opcode Fuzzy Hash: 7f3a3bfcd181217dcf5a95292291af30419b9aa68910474aabde91155bc1f2ce
                                                                                                                                    • Instruction Fuzzy Hash: 6311F5B58003499FDB10DF99C484BEEBBF8EB49314F108419E518A7600C379A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F3DE0 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4']q
                                                                                                                                    • API String ID: 0-1259897404
                                                                                                                                    • Opcode ID: 412cda977aee3d37b749702bdfbb3b1b0f7d37a0957c7e4bb40d98a8e1856721
                                                                                                                                    • Instruction ID: 808962d81aee0efa1a71d90ee17a60a1e7474f2eea139c942dd111e11dc3662f
                                                                                                                                    • Opcode Fuzzy Hash: 412cda977aee3d37b749702bdfbb3b1b0f7d37a0957c7e4bb40d98a8e1856721
                                                                                                                                    • Instruction Fuzzy Hash: DC313471B542104FCB19A778A49066E7BEBDFCA21070448BAE4498B795CE38EC0BC7D1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F84D8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4']q
                                                                                                                                    • API String ID: 0-1259897404
                                                                                                                                    • Opcode ID: 8d26ea9811f94d7a2983154567f422e2796ef30ee44484af6730746a6cc1cd8b
                                                                                                                                    • Instruction ID: 7520e81e0ee764648484df9f0db73de5fc392da844c9ae8917f06938c63b70a6
                                                                                                                                    • Opcode Fuzzy Hash: 8d26ea9811f94d7a2983154567f422e2796ef30ee44484af6730746a6cc1cd8b
                                                                                                                                    • Instruction Fuzzy Hash: A3317F35B10205CFCB09EB78A5995AE76E7EFC82147504839E50ACB384EE39AC0787D1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F84C8 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4']q
                                                                                                                                    • API String ID: 0-1259897404
                                                                                                                                    • Opcode ID: b063d638e70fd3675a301d9e9d59d4e503d9c7d9c76d2d4b948b3097f74f6ab5
                                                                                                                                    • Instruction ID: 2d2646e1739ab4cbcba9ed8ba89ea83f5be545ab8ee70f79a330d3a84a930272
                                                                                                                                    • Opcode Fuzzy Hash: b063d638e70fd3675a301d9e9d59d4e503d9c7d9c76d2d4b948b3097f74f6ab5
                                                                                                                                    • Instruction Fuzzy Hash: C721B134B10215CFCB09AB7895A957E3AE3AFC8204714483DE50ADB385EE38EC0787D2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FB358 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4']q
                                                                                                                                    • API String ID: 0-1259897404
                                                                                                                                    • Opcode ID: a39dbd9bc9b957d381023672d346d3f5bc58e7084fd760f5947dda15922c0fe1
                                                                                                                                    • Instruction ID: f48f0f303cb294c08ce05180946f7038955b228735d8d654c7a516b42bc148e4
                                                                                                                                    • Opcode Fuzzy Hash: a39dbd9bc9b957d381023672d346d3f5bc58e7084fd760f5947dda15922c0fe1
                                                                                                                                    • Instruction Fuzzy Hash: 6401B134A09249EFCB05EF78E88448CBFB2FF44300B2004A9D586DB351DB305E45CB52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F3EC8 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4']q
                                                                                                                                    • API String ID: 0-1259897404
                                                                                                                                    • Opcode ID: 780fe5aaa9293386d858611e82f94d6bc5315060db0c155fdc16aceefe59497e
                                                                                                                                    • Instruction ID: 2c53ff1189fbd08fd14b63af6949206388013eb51b4d31189f11d807b7457895
                                                                                                                                    • Opcode Fuzzy Hash: 780fe5aaa9293386d858611e82f94d6bc5315060db0c155fdc16aceefe59497e
                                                                                                                                    • Instruction Fuzzy Hash: 84F06D313401014FC61DBB2DE89496E7BEBEFC96103544969D00A8B2A8EE68FD0A87E1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FB368 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4']q
                                                                                                                                    • API String ID: 0-1259897404
                                                                                                                                    • Opcode ID: e67683140d9bd173cc51e10b21cc5b61a660652ea4065b2c99350a0665da4ab7
                                                                                                                                    • Instruction ID: 74d9184e0c5bf1c80bbcbcb4325486208e2f9bef3b53a6dda1c9b7374c5265aa
                                                                                                                                    • Opcode Fuzzy Hash: e67683140d9bd173cc51e10b21cc5b61a660652ea4065b2c99350a0665da4ab7
                                                                                                                                    • Instruction Fuzzy Hash: F3F03734A05209EFCB08FFB8E58899CBBB6FF84300B2045A9D90ADB754EB345E45CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E2078 Relevance: 1.0, Instructions: 1043COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 60d4029dd677f4b3171ef0bce022eb4aa615b991b601744dad9f2d8c55373e7b
                                                                                                                                    • Instruction ID: edad990e2a21cc0a2e1140f09544ddf7d37df68785ce8f130785930e59be5497
                                                                                                                                    • Opcode Fuzzy Hash: 60d4029dd677f4b3171ef0bce022eb4aa615b991b601744dad9f2d8c55373e7b
                                                                                                                                    • Instruction Fuzzy Hash: E3926F70B402198FDB149B64CC50BEEBBB6EF88700F104599EA0AAB3A5DF719E41DF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E1EC8 Relevance: .7, Instructions: 733COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0044302de515f90b10541c34f274596141a0815abbe14b536df1289d626b8a4c
                                                                                                                                    • Instruction ID: 6af90d564fa1945f98baa1168327d6790e64f1612e4fcc740ba59141dca32f40
                                                                                                                                    • Opcode Fuzzy Hash: 0044302de515f90b10541c34f274596141a0815abbe14b536df1289d626b8a4c
                                                                                                                                    • Instruction Fuzzy Hash: 6052B070B502158FDB149B24C994EAE77B6EFC8704F118499ED069B3A5CFB1EE42CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E00D8 Relevance: .7, Instructions: 676COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dd42677fe3368f8d3f9c66aaa254a8d68bfc04f6e7004a21e679914bfea11cfa
                                                                                                                                    • Instruction ID: 90648f0682c671f8b1758aa86f930a28796b87150e8b2b6589392ec1e2866916
                                                                                                                                    • Opcode Fuzzy Hash: dd42677fe3368f8d3f9c66aaa254a8d68bfc04f6e7004a21e679914bfea11cfa
                                                                                                                                    • Instruction Fuzzy Hash: E742DE30B906158FCB65AF78D444A6E7AB6FFC5714B01096CC9039B394CFB9EC068B86
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F48B8 Relevance: .6, Instructions: 590COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f31bd592f750eb4f34c04fff4f3143b40bcbd1364c11842d282c5e3ad73edddd
                                                                                                                                    • Instruction ID: b0af399e8d2b5f401ec8ce15b78bdec0a043a1409ca03abb84dd9d456f27ecca
                                                                                                                                    • Opcode Fuzzy Hash: f31bd592f750eb4f34c04fff4f3143b40bcbd1364c11842d282c5e3ad73edddd
                                                                                                                                    • Instruction Fuzzy Hash: 23326D347206018FDB54EF29D598A5ABBF6FF88300B1584B9E906CB3A6DB74EC45CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E0610 Relevance: .5, Instructions: 481COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3df30caa84d81f831e22aa182387d53c08da37745be6c5104b44620e7607588d
                                                                                                                                    • Instruction ID: e07697b8f994fdeac66e80d21a22775c19c70e78ba41314063bdb66cdb84d023
                                                                                                                                    • Opcode Fuzzy Hash: 3df30caa84d81f831e22aa182387d53c08da37745be6c5104b44620e7607588d
                                                                                                                                    • Instruction Fuzzy Hash: 8B02DF30B902058FDB549B68C954B6E7BA6FFC9704F414869D9029F3A1CFB9EC06CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E0700 Relevance: .4, Instructions: 365COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2fd8a9a4522a6a3bc4c6385f573b63de29b1455f26998ecd6a356d3530ef902b
                                                                                                                                    • Instruction ID: e04c12be228d8761ed1ed9bcad7c72b1ac01d178f8b187d0b6edd124c7e47f67
                                                                                                                                    • Opcode Fuzzy Hash: 2fd8a9a4522a6a3bc4c6385f573b63de29b1455f26998ecd6a356d3530ef902b
                                                                                                                                    • Instruction Fuzzy Hash: B2D1A034B602058FDB449B64C958B6A7BA6FFC9704F418469D9029F3A1CFB9EC02CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E00B8 Relevance: .3, Instructions: 340COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2d0ea71f464ad72c5a5d80e249efb02e16eb327d37dc61f81963772d6ae4ad1e
                                                                                                                                    • Instruction ID: acfccf76dc33a69f0023356663ee1ac08a1029d54afb629e9d8232c6a0439486
                                                                                                                                    • Opcode Fuzzy Hash: 2d0ea71f464ad72c5a5d80e249efb02e16eb327d37dc61f81963772d6ae4ad1e
                                                                                                                                    • Instruction Fuzzy Hash: 9BC19334B602059FDB849B64C958B6A7BA6FF89704F414065E902DF3A1CFF5DC12CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E067A Relevance: .3, Instructions: 329COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a83d2f94e1dcf892656e0f0a47395f5ec8290d6095d3fc8e3aa42b17e56ea048
                                                                                                                                    • Instruction ID: c0fc538e2061bd2edd27e8a054ee9a9d234ef36453595b52a9c6a4205916d316
                                                                                                                                    • Opcode Fuzzy Hash: a83d2f94e1dcf892656e0f0a47395f5ec8290d6095d3fc8e3aa42b17e56ea048
                                                                                                                                    • Instruction Fuzzy Hash: F2C1A334B602059FEB849B64C958B6976A6FFC9704F408065ED029F3A1CFF9EC52CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F48A8 Relevance: .3, Instructions: 277COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1b5b5334f9e74b705dc1a94287707b5553ee22b32bf7ba31749acf594e3cfc88
                                                                                                                                    • Instruction ID: 2cafdde00fc5bce3924494d7dc929a57ab994342f6dfe51e0e46290e62af5dc4
                                                                                                                                    • Opcode Fuzzy Hash: 1b5b5334f9e74b705dc1a94287707b5553ee22b32bf7ba31749acf594e3cfc88
                                                                                                                                    • Instruction Fuzzy Hash: B6B14834B206058FDB44EF39D598A6ABBF6FF88304B1540A8E506DB3A6DB70EC45CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F7D58 Relevance: .1, Instructions: 147COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 50e965dd0ddf8fc78575c822b2f5fcefeae22095b51023687f8962349c3ce86f
                                                                                                                                    • Instruction ID: d2d3d2ee581415d80a212c11b134d878896a97a47def8d4ae84c30084f33eced
                                                                                                                                    • Opcode Fuzzy Hash: 50e965dd0ddf8fc78575c822b2f5fcefeae22095b51023687f8962349c3ce86f
                                                                                                                                    • Instruction Fuzzy Hash: F8513971E20219CFDB54DFA9E880BEEFBF6AF88700F14852AD915A7244DB749841CF80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062E34D8 Relevance: .1, Instructions: 143COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372624111.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62e0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1f6ceb1bc74ddce8f9f1e0decf05db5ffd154ad8124528a9ed403ee223bdd84c
                                                                                                                                    • Instruction ID: 825fa747b55991264e051f8c1001dad17cf81b38d3e12d48bf7725cc1503f409
                                                                                                                                    • Opcode Fuzzy Hash: 1f6ceb1bc74ddce8f9f1e0decf05db5ffd154ad8124528a9ed403ee223bdd84c
                                                                                                                                    • Instruction Fuzzy Hash: 60514735B506159FCB44CF69C88499EBBF2FF88710B118069E90AAB365DB70EC05CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F7D4C Relevance: .1, Instructions: 128COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: db3437972b7d555b4729485c2d8bcb095dac3d95e8cef1b8c7a19f9566811059
                                                                                                                                    • Instruction ID: 97dddd552a2eccabf0a3e39c3ef336f97573df508af0e32f4a407d337f4c43a5
                                                                                                                                    • Opcode Fuzzy Hash: db3437972b7d555b4729485c2d8bcb095dac3d95e8cef1b8c7a19f9566811059
                                                                                                                                    • Instruction Fuzzy Hash: E25148B1D20219CFDB54CFA9E985BEDFBF5AF48700F14852AD915AB280DB749842CF81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F59C8 Relevance: .1, Instructions: 117COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c2ba9268d9263ce823c01727b20927ddc6d4cbeeb3df860e7509e6431dfb224b
                                                                                                                                    • Instruction ID: 07d6735ed1c80249fdd8fd4b8f84f90419d91992783d72ece0830a18f3ae21ec
                                                                                                                                    • Opcode Fuzzy Hash: c2ba9268d9263ce823c01727b20927ddc6d4cbeeb3df860e7509e6431dfb224b
                                                                                                                                    • Instruction Fuzzy Hash: 3D415A35A20606DFCB14CF59C48096AFBF6FF89310B19C9A9EA55AB261D730F811CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F5579 Relevance: .1, Instructions: 101COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c9d0cd270fa057c55298c85860a75270baa5f4cb6b869a653b513bdf42a423bb
                                                                                                                                    • Instruction ID: c89135e57f0b9f20319148016a2518957897130085103cfbcede5b70eff87281
                                                                                                                                    • Opcode Fuzzy Hash: c9d0cd270fa057c55298c85860a75270baa5f4cb6b869a653b513bdf42a423bb
                                                                                                                                    • Instruction Fuzzy Hash: 91318835B152119FDB05DF38D89496EBFB6BF89200B008469F9068B3A6DB34ED45CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F5588 Relevance: .1, Instructions: 96COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0ea73fde203b51eeafa33acfd242a6f301ece9ceb3df98229296c5e1691eee3d
                                                                                                                                    • Instruction ID: 4f8cc03aaf3e5da29fec08df2108583a483811e24b688e1cc39b1e123a15518e
                                                                                                                                    • Opcode Fuzzy Hash: 0ea73fde203b51eeafa33acfd242a6f301ece9ceb3df98229296c5e1691eee3d
                                                                                                                                    • Instruction Fuzzy Hash: 05317534B112119FDB19DF38D89896EBBB6BF89301B018469F906CB3A5DB34ED45CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F87A0 Relevance: .1, Instructions: 93COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 59f1a4582c77e62614961ff1de4b4583d30f9a50c03906c35830703213471ac9
                                                                                                                                    • Instruction ID: d941869c096874a03a1e008ef578a6e3480524f5d574352900ff7fbd19851869
                                                                                                                                    • Opcode Fuzzy Hash: 59f1a4582c77e62614961ff1de4b4583d30f9a50c03906c35830703213471ac9
                                                                                                                                    • Instruction Fuzzy Hash: 0F41F2B1D1120CDFDB54DFAAD940ADEFFB6AF88310F10802AD919A7250DB34A945CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8797 Relevance: .1, Instructions: 78COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 701e08d3d63c37fef40da45d10ead2311c0607769ab048caee7f405e39c078d5
                                                                                                                                    • Instruction ID: b0c388ff3c549f18e2c2d5a3ded0f8bd455f93daa6b10f36399d0307d34c06fb
                                                                                                                                    • Opcode Fuzzy Hash: 701e08d3d63c37fef40da45d10ead2311c0607769ab048caee7f405e39c078d5
                                                                                                                                    • Instruction Fuzzy Hash: 8731F2B1D11209DFDB14DFA9D984ADEFFB6AF88300F14802AD515B7250DB389945CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0278D654 Relevance: .1, Instructions: 77COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350164070.000000000278D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0278D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_278d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3a4b6e8ff4cae2f2ac1e2ec42d5a030c58df90e1ea57e989bf4fd60765d8d2d7
                                                                                                                                    • Instruction ID: f4af3b4f8e3c76627215b9bc12f4f9e0185ce0ee2630aadcc9f64aeeddf5a7ca
                                                                                                                                    • Opcode Fuzzy Hash: 3a4b6e8ff4cae2f2ac1e2ec42d5a030c58df90e1ea57e989bf4fd60765d8d2d7
                                                                                                                                    • Instruction Fuzzy Hash: 85214871640244DFDF25EF24D9C0F26BFA5FB88314F20C669E9091B296C33AD416CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8A98 Relevance: .1, Instructions: 77COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 33af426ee77bc792df11340d63edd3207c96c5d6bc5e626accf988f03e460cc4
                                                                                                                                    • Instruction ID: 343a324298f1ba41f6e33b1bcc4b9cfdbba3827fcee82123107cf5308ac4a302
                                                                                                                                    • Opcode Fuzzy Hash: 33af426ee77bc792df11340d63edd3207c96c5d6bc5e626accf988f03e460cc4
                                                                                                                                    • Instruction Fuzzy Hash: 1D3114B1D21218DFDF54DFA9D890ADEFBF9AF48310F14842AE909E7240C778A841CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0278D3D8 Relevance: .1, Instructions: 75COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350164070.000000000278D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0278D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_278d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d59c0f4bc0d44f1857189ccf7844c69457174039848e0f3de6a2ce36cf432610
                                                                                                                                    • Instruction ID: a10d77156b15a2140bc648e10dd763bdbf03ad5833f96ca017df99750bd273d4
                                                                                                                                    • Opcode Fuzzy Hash: d59c0f4bc0d44f1857189ccf7844c69457174039848e0f3de6a2ce36cf432610
                                                                                                                                    • Instruction Fuzzy Hash: EC2106B1580204DFDB29EF64D9C0F16BF65FB98324F20C569DD0D0B296C33AE456C6A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0279D01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350201676.000000000279D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0279D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_279d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 426585c743f58a83994f03b57cd19b3fe6b8114dc3e2893bcd8dc0880c5738df
                                                                                                                                    • Instruction ID: 53ac3126af1f619624cb708b2b3962aaaa8462ce82fd28d670f5502fb1c80e8c
                                                                                                                                    • Opcode Fuzzy Hash: 426585c743f58a83994f03b57cd19b3fe6b8114dc3e2893bcd8dc0880c5738df
                                                                                                                                    • Instruction Fuzzy Hash: 3521F271604304DFDF24EF28E9C4B26BF65FB88314F20C569D94A4B256C33AD407CA61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8A8C Relevance: .1, Instructions: 63COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 059b8656ea4c0c7c85d6e26f3ba59d41abb6419bc02dc32fc8c8f31625fb4a04
                                                                                                                                    • Instruction ID: e4e9742dbdbcb96f194560b738e8198b4118323fbdd6292e0ba1c533fbf550ab
                                                                                                                                    • Opcode Fuzzy Hash: 059b8656ea4c0c7c85d6e26f3ba59d41abb6419bc02dc32fc8c8f31625fb4a04
                                                                                                                                    • Instruction Fuzzy Hash: 492113B1D212589FDB14CFA9C894B9EFFF9AF48300F14842AE505E7240D7789845CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0279D007 Relevance: .1, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350201676.000000000279D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0279D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_279d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cf8dae75349ada00d977c492a2fe1bd4629512b1018676f82883c98f02189735
                                                                                                                                    • Instruction ID: bc21485207319bb1153311aeb1cdffc33100779a4d3652fb74c9a7c9a223c4e6
                                                                                                                                    • Opcode Fuzzy Hash: cf8dae75349ada00d977c492a2fe1bd4629512b1018676f82883c98f02189735
                                                                                                                                    • Instruction Fuzzy Hash: CC216F755093C08FDB12DF24D994715BF71EB46214F28C5DAD8898F6A7C33A980ACB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0278D64F Relevance: .1, Instructions: 58COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350164070.000000000278D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0278D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_278d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                                                                                                                                    • Instruction ID: 5fb6ce95eda25cf2281a45074d08ad44176806c6fc15b39bc2bfa43077c86e13
                                                                                                                                    • Opcode Fuzzy Hash: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                                                                                                                                    • Instruction Fuzzy Hash: EB21AF76544280DFDF16DF10D9C4B16BF72FB88314F24C6A9D9490B296C33AD426DBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FBC5F Relevance: .1, Instructions: 58COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ce60b4d0df5c0b0c6240fc9f83428cd15d69f2121c044c7f35762063f50825ee
                                                                                                                                    • Instruction ID: 38b881ff33a6243cc590fcd410e8e09e011c697c12e7ab142d2f1f59eaf5126d
                                                                                                                                    • Opcode Fuzzy Hash: ce60b4d0df5c0b0c6240fc9f83428cd15d69f2121c044c7f35762063f50825ee
                                                                                                                                    • Instruction Fuzzy Hash: 0211E9312502088FC7967738E55486D7BEBEEC23507244868D24BCFE54CE39698ACB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0278D3D3 Relevance: .1, Instructions: 56COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350164070.000000000278D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0278D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_278d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                    • Instruction ID: 9fdab25284a90a49e1afb5860e7081ce4b113ac264151f902df9be4ed2cf4178
                                                                                                                                    • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                    • Instruction Fuzzy Hash: 5B112672444240DFCB16DF10D5C4B16BF72FB84324F24C6A9DD090B256C33AE45ACBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8350 Relevance: .0, Instructions: 50COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c40f16eee70579fa031612129e1cccd78ee9429d5c724c6bef5e5d5954cda2f1
                                                                                                                                    • Instruction ID: c5138327538877c46f6a810c0058e875d3fdc189f67f4011a2969fa0877ac41a
                                                                                                                                    • Opcode Fuzzy Hash: c40f16eee70579fa031612129e1cccd78ee9429d5c724c6bef5e5d5954cda2f1
                                                                                                                                    • Instruction Fuzzy Hash: 66017172B101199FDF10DAA9AC44ABFFBBAFB84651B148036EA14D3240DB349D1997A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC499 Relevance: .0, Instructions: 48COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3b185da479ad6e1966184dc0743b541d1ba8025a5916a2070adb267b5275b06c
                                                                                                                                    • Instruction ID: df705ab9d41372edc70278a78b72cac46eb6079cba21808dc706f74d981a24d2
                                                                                                                                    • Opcode Fuzzy Hash: 3b185da479ad6e1966184dc0743b541d1ba8025a5916a2070adb267b5275b06c
                                                                                                                                    • Instruction Fuzzy Hash: DE1104312082008FE325AF69E40862A7BE3EFC5315B208A39D14A8BA45DF749C0ECF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FBC70 Relevance: .0, Instructions: 46COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b41ac6738b8f18bbd69d83557b32b5ef7f234ea4760a045489a528e3f794e549
                                                                                                                                    • Instruction ID: d158c5e861a96f75479ce5d51ec282fcfe06984cd26501ef7015578c0c9f910d
                                                                                                                                    • Opcode Fuzzy Hash: b41ac6738b8f18bbd69d83557b32b5ef7f234ea4760a045489a528e3f794e549
                                                                                                                                    • Instruction Fuzzy Hash: 7501B5312402094F8689B738E55492D3ADBEEC12547644828D10B8FA14DD3ABC8BCB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0278DAC5 Relevance: .0, Instructions: 45COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350164070.000000000278D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0278D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_278d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 67df61b030e8553527eaf68753ccec28ece44c032cc6f84569b311bd16f10125
                                                                                                                                    • Instruction ID: 4a7f3063d071cb5f4ddda44d1748aae589d8a3166609c8c156d2866b7fb403cc
                                                                                                                                    • Opcode Fuzzy Hash: 67df61b030e8553527eaf68753ccec28ece44c032cc6f84569b311bd16f10125
                                                                                                                                    • Instruction Fuzzy Hash: FE01A2311483449EE730AA2AC984B67BFECEF45724F18C46AED091A2C6D3799841CA75
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FE8B0 Relevance: .0, Instructions: 43COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 302e90fbd7a52e2993ff504f00a3ec652b0392dde22d7fdd368b75ce778cb4cc
                                                                                                                                    • Instruction ID: 3479ef40ee12595aa5e857508db0cc8c78932581faf8a33f91872c05f269cfe1
                                                                                                                                    • Opcode Fuzzy Hash: 302e90fbd7a52e2993ff504f00a3ec652b0392dde22d7fdd368b75ce778cb4cc
                                                                                                                                    • Instruction Fuzzy Hash: FF012634618308DFCB06AF78D8148697FBAEF8620071084F9E940CB272DA32DC11D780
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC4A8 Relevance: .0, Instructions: 42COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: db00af32c5e8c68c23667f061006b57cdaa4b928bfe76d754aa03643327d019a
                                                                                                                                    • Instruction ID: d604d7b67b0821d0c6bfad4caa487cf7ee0275c6996ed2bdbe91ce95df527e48
                                                                                                                                    • Opcode Fuzzy Hash: db00af32c5e8c68c23667f061006b57cdaa4b928bfe76d754aa03643327d019a
                                                                                                                                    • Instruction Fuzzy Hash: 2201B1302442048FE329BF69E40866A7BE7EFC4715F108A38D14B8BB44DF74AC0ACB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F5508 Relevance: .0, Instructions: 42COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 24523de34358b41ea5a9b5092f4afd175b54045fe6bb7b620efd20efdfd0faa2
                                                                                                                                    • Instruction ID: e172767a6ae4249752fc2332c6af97206e6d91e2b9fe660e06a3d9191504c3a1
                                                                                                                                    • Opcode Fuzzy Hash: 24523de34358b41ea5a9b5092f4afd175b54045fe6bb7b620efd20efdfd0faa2
                                                                                                                                    • Instruction Fuzzy Hash: 2E01F430A31702CFDBA88B39E504523F7F7BF94205B04883CEA0392654DBB5E880CB80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F6E90 Relevance: .0, Instructions: 41COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9e53058a2b1432b40cef1e987cadb0c5a9541299a25df0828f923361fe85880e
                                                                                                                                    • Instruction ID: 9547588e6bf309586676cc957905d9c524c237c04ee3395373c29041e655ea3e
                                                                                                                                    • Opcode Fuzzy Hash: 9e53058a2b1432b40cef1e987cadb0c5a9541299a25df0828f923361fe85880e
                                                                                                                                    • Instruction Fuzzy Hash: A4F096632081D93EDB525EAA5C11DFB7FEDDB8D161B084056FEA8C1141C428C951A770
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8F43 Relevance: .0, Instructions: 38COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e6647b6586f3d7e766138d1d33d344275673794977897ac5d814538b9091b8a1
                                                                                                                                    • Instruction ID: 2c1de0d0b954ebdd5ab8563d9781a62d1373eedbcfd7703e4225bbd4664d4a61
                                                                                                                                    • Opcode Fuzzy Hash: e6647b6586f3d7e766138d1d33d344275673794977897ac5d814538b9091b8a1
                                                                                                                                    • Instruction Fuzzy Hash: EE0104B4D6421AEFDB40DFA4E9447AEFBB0FB48301F5081A9E915A3340E7780A41DB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8F50 Relevance: .0, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2f1ea68f395c6029bd5f5b7824d4ce3ad6e8ba5142cbca5f6ed3c7209727b3d8
                                                                                                                                    • Instruction ID: 76d9dafdb1dd1c94a70e4ad8db308969b273452b3f65f85b3e93d175b6baa941
                                                                                                                                    • Opcode Fuzzy Hash: 2f1ea68f395c6029bd5f5b7824d4ce3ad6e8ba5142cbca5f6ed3c7209727b3d8
                                                                                                                                    • Instruction Fuzzy Hash: A501C0B4D2420AEFDB84DFA9D9446AEFBF1FB48301F5085AA9915A3350E7780A41DF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0278DAC4 Relevance: .0, Instructions: 36COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350164070.000000000278D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0278D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_278d000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: faf1e29911cb5e669e5be037432768366cb8d13cc9e1c4d394d9147e6d9de162
                                                                                                                                    • Instruction ID: 3f09aacc04847b5d3e7957e61ec0d0a874537625108aacb5c1f3260fbce44dcf
                                                                                                                                    • Opcode Fuzzy Hash: faf1e29911cb5e669e5be037432768366cb8d13cc9e1c4d394d9147e6d9de162
                                                                                                                                    • Instruction Fuzzy Hash: 99F06272404384AEE7249E16D8C4B66FFE8EF45624F18C55AED484A286D3799844CA71
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC170 Relevance: .0, Instructions: 36COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f8c7203555584d5d60d31550b5bc35524df078b1185eddf1da070abf6545ef42
                                                                                                                                    • Instruction ID: 436cab7bf1d9889cbd56340ad602dc7671198c39b60603e5f1105d15455f0ae5
                                                                                                                                    • Opcode Fuzzy Hash: f8c7203555584d5d60d31550b5bc35524df078b1185eddf1da070abf6545ef42
                                                                                                                                    • Instruction Fuzzy Hash: 2B01D135509B049FD722EF25E448452BBF6FF49340710CA6EE58A86A10DB30A54ACF84
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F6EA0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 548d5ddd15fd21609394ac15166f64f09a80cb3b99559456175271dcebda388a
                                                                                                                                    • Instruction ID: 9ea560c10c03744f38846f8248f451e73a5dfcc7b4452ac5571f7e10a2aab61a
                                                                                                                                    • Opcode Fuzzy Hash: 548d5ddd15fd21609394ac15166f64f09a80cb3b99559456175271dcebda388a
                                                                                                                                    • Instruction Fuzzy Hash: 8BF0A7722041E83F8B115E9A5C10CFB7FEDDA8E1617084056FEE8D2141C43DCD21ABB0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FACB8 Relevance: .0, Instructions: 35COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a695cec0535540b478f15b625cfe595c66ef37558a4942f0b116bb54d29ca2bd
                                                                                                                                    • Instruction ID: 0ad7fc7d23dd4e6f622559599256b7e05c537927131b87edc69ad1dc2ecdb7ea
                                                                                                                                    • Opcode Fuzzy Hash: a695cec0535540b478f15b625cfe595c66ef37558a4942f0b116bb54d29ca2bd
                                                                                                                                    • Instruction Fuzzy Hash: 3FF09E717183558FC72717786C5447D7F6AEDC669130440EAF68BCB291CA144903C3E1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F67C8 Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5e5b80a7e028375103f059d6e88145a6db944363c6f2bec0ef033e6a51294147
                                                                                                                                    • Instruction ID: aee7205274d7211ee8f274e5bdda4b15e9254b3bd1e9c52aec68ce7c6695622c
                                                                                                                                    • Opcode Fuzzy Hash: 5e5b80a7e028375103f059d6e88145a6db944363c6f2bec0ef033e6a51294147
                                                                                                                                    • Instruction Fuzzy Hash: 47F09031B683006FD7208B68E851F957FE9DB82761F14817AF614CB1E2D6A1E849D740
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC110 Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: eb2c6586d35ae237408981da01d681352322d8090913b04b2b48d30354098f65
                                                                                                                                    • Instruction ID: 4e253db39a8bdc6916fa93dfae8c74974a2cfd26f092dc5613bfb97da7432745
                                                                                                                                    • Opcode Fuzzy Hash: eb2c6586d35ae237408981da01d681352322d8090913b04b2b48d30354098f65
                                                                                                                                    • Instruction Fuzzy Hash: D6F096302497D45FC312A738F91879B7FEADF82214B0404AEE286CB652CA656905C7A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FADE9 Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f5bb1b1e5770a5c3af8e8c10a44192e7c404b583ecc545d1a2a6915fcb8ee8f5
                                                                                                                                    • Instruction ID: 422124e00bddbd4b133bee086cc0f181c896166ec2d49a7d93233c1531b8b209
                                                                                                                                    • Opcode Fuzzy Hash: f5bb1b1e5770a5c3af8e8c10a44192e7c404b583ecc545d1a2a6915fcb8ee8f5
                                                                                                                                    • Instruction Fuzzy Hash: 68F02731204101ABC3202B6EF858A9FBFDBEFCA761F004138F11EC3242CE66284597A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8FC0 Relevance: .0, Instructions: 33COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: decff067c259495d90ceeda23ce00a97bdf3dce202b8cd1f6be53b9dc1b3dec0
                                                                                                                                    • Instruction ID: 638908444936d2c00a6fdf17a9b58ecfb254c1d2d0006012d6946b4f0e19d5ac
                                                                                                                                    • Opcode Fuzzy Hash: decff067c259495d90ceeda23ce00a97bdf3dce202b8cd1f6be53b9dc1b3dec0
                                                                                                                                    • Instruction Fuzzy Hash: 87F0AFB4C281499FDB40CFA4D4045ADFFB0EB5A201F4042E6ED02E7261E6794A01DB40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F8341 Relevance: .0, Instructions: 32COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1acf4bf5fc05bcc62a103325041eb4ed57eab8d824711b55a399e143b8edb588
                                                                                                                                    • Instruction ID: f448119ab17a068ff72fb0ea98f9cb4056b4f190f23bf9db90cea64d48649bb6
                                                                                                                                    • Opcode Fuzzy Hash: 1acf4bf5fc05bcc62a103325041eb4ed57eab8d824711b55a399e143b8edb588
                                                                                                                                    • Instruction Fuzzy Hash: C8F0A732F2411A5B8B109A69AC449BFBFB9EB95151B080037E914C3141FB34891997A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F54F8 Relevance: .0, Instructions: 31COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0c93ea4406227834d86bcc40e2dcb070f27f2f7f86eef4dbdf3c0d1b06ca3464
                                                                                                                                    • Instruction ID: c810fc3657f97c856eaa54b84084119e611a7a917288b73075207ac8ed2a2c24
                                                                                                                                    • Opcode Fuzzy Hash: 0c93ea4406227834d86bcc40e2dcb070f27f2f7f86eef4dbdf3c0d1b06ca3464
                                                                                                                                    • Instruction Fuzzy Hash: 0BF0B4355307428FDBA5CF21D9007A7BBF2BF80319F08897DD88656A65D7B9E489CB40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FADF8 Relevance: .0, Instructions: 28COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 73ac4511194aed56425933443f64191bc6dccc58741f94044be7f40009b0474d
                                                                                                                                    • Instruction ID: b849e014462d4c7c7d8ccc9d524989db0445306b7f74a13f29daea04ec888ddc
                                                                                                                                    • Opcode Fuzzy Hash: 73ac4511194aed56425933443f64191bc6dccc58741f94044be7f40009b0474d
                                                                                                                                    • Instruction Fuzzy Hash: 9DE092312002006BC3142A6AF888A9E7ADFEBCA761B40403CF20ED3241CE69680597B5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC180 Relevance: .0, Instructions: 27COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8c0aba2ba29df8240cba5c2a2d4ee6791e4f2d6a4c1b1f6c6147982f49e8ee9b
                                                                                                                                    • Instruction ID: b83f42d5de74e35f06e334fb56055d83e6bf3e3728ef22c9814caef9e1bf7d57
                                                                                                                                    • Opcode Fuzzy Hash: 8c0aba2ba29df8240cba5c2a2d4ee6791e4f2d6a4c1b1f6c6147982f49e8ee9b
                                                                                                                                    • Instruction Fuzzy Hash: 97F09A74504B018FD725EF26E448552BBF7FB88304710C62EEA8B82A10DB70A54ACF84
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FB500 Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 80bd0ba4d64a71e8162d650b151a24fe47fed68b1e558d2dbd6ddac8aa156d8a
                                                                                                                                    • Instruction ID: b2c4fb7bc7ec9a5708abfff2dc9283ca47a84df5f247e72f44d792cc56d2d868
                                                                                                                                    • Opcode Fuzzy Hash: 80bd0ba4d64a71e8162d650b151a24fe47fed68b1e558d2dbd6ddac8aa156d8a
                                                                                                                                    • Instruction Fuzzy Hash: F0F01535D0520CBFCB01DFB4D9498DEBBB9EB44240F1082AAA905E7240EA315B45DB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC120 Relevance: .0, Instructions: 25COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 73de430a07b2325468c5e29f1f928445bc9de0f061a32a1124614a247e062ec8
                                                                                                                                    • Instruction ID: ef9ef02dde484a772050d7e1b10e45af43c49966e5a61d5923dbe975dd4e8060
                                                                                                                                    • Opcode Fuzzy Hash: 73de430a07b2325468c5e29f1f928445bc9de0f061a32a1124614a247e062ec8
                                                                                                                                    • Instruction Fuzzy Hash: E4E0A0302047505FC211A72DF51879E7BEBDF81314F040429E2468BA00CBA5A806CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FCC38 Relevance: .0, Instructions: 25COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6055f8ae9204c18fe3503291836f8ab97e8a4358129e520b70800b4c4dd4deb6
                                                                                                                                    • Instruction ID: 831957f11bdb5e704ea767ab55f864c36840eaf368f62a146f037961476da5a4
                                                                                                                                    • Opcode Fuzzy Hash: 6055f8ae9204c18fe3503291836f8ab97e8a4358129e520b70800b4c4dd4deb6
                                                                                                                                    • Instruction Fuzzy Hash: A4E0D8322092448FC712FF15F8505897BB1EF81760B204276C186CF665D730480ACB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FCE88 Relevance: .0, Instructions: 24COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 30e7dafed4233d2bf168335fd3483ebcc007c1049e362795488cf1338f6eff12
                                                                                                                                    • Instruction ID: 60c56e2e5bc12cce69bcc19f5ecbefe8e1f66850c780c0d1c393ccf697866bb8
                                                                                                                                    • Opcode Fuzzy Hash: 30e7dafed4233d2bf168335fd3483ebcc007c1049e362795488cf1338f6eff12
                                                                                                                                    • Instruction Fuzzy Hash: 77E0D87415D341EFE703F724F4455593FB5DF0172072001A9D8468F959EA34CC45C791
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F5698 Relevance: .0, Instructions: 23COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 863d8aefedaad1e3119ab99b02dd88d0bc9ebf7b36ddda6004edae596f430221
                                                                                                                                    • Instruction ID: 8adf1b047e521bd95037a39205597a08e9e26013428c68cb1d03cae59d12d37c
                                                                                                                                    • Opcode Fuzzy Hash: 863d8aefedaad1e3119ab99b02dd88d0bc9ebf7b36ddda6004edae596f430221
                                                                                                                                    • Instruction Fuzzy Hash: 34E092B210D3119FE304DB20E840896BBE4EF91320B05886EF480D7281E731E841C7A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FE1FF Relevance: .0, Instructions: 22COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 09afbdc7d09f38ec4472e2d3fe0cea86f04d4afad0a6077015897e3a771b160e
                                                                                                                                    • Instruction ID: 40de9073c87db5574adb8fc088503aef2f279e148e6cf148080484a733955fb0
                                                                                                                                    • Opcode Fuzzy Hash: 09afbdc7d09f38ec4472e2d3fe0cea86f04d4afad0a6077015897e3a771b160e
                                                                                                                                    • Instruction Fuzzy Hash: 6BE0DF71A49208EFCB01DF68E8009AE3BB6DB8221073043DAD80AEB6A0E6304F15D751
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FAC80 Relevance: .0, Instructions: 20COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c89ceec3658f166210283173a135496e430b9174031bf792203c7dc38a966408
                                                                                                                                    • Instruction ID: 72dd2c52cb6b0884d93e2a29efe98969ec06d66bb27569829fce3e090b415426
                                                                                                                                    • Opcode Fuzzy Hash: c89ceec3658f166210283173a135496e430b9174031bf792203c7dc38a966408
                                                                                                                                    • Instruction Fuzzy Hash: AFD05B3130021557CA09376DF4584AE77AFDBC56613004039F70BD3240DE755D0687D6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FE8F8 Relevance: .0, Instructions: 20COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: aa0d2adfc705bc73f868fb66a98077656a04208e943cf25e644d5ca7777cb62e
                                                                                                                                    • Instruction ID: 4b1cccab4600fa3cbbfc5aee51fbf17933efcc513a525405b769a89f119da720
                                                                                                                                    • Opcode Fuzzy Hash: aa0d2adfc705bc73f868fb66a98077656a04208e943cf25e644d5ca7777cb62e
                                                                                                                                    • Instruction Fuzzy Hash: 55E0123A164248DFC7529F54D8508557FB5FF4965035550C5F6C48F272D731D821DB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FB510 Relevance: .0, Instructions: 19COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3e2cb68e4b47d9b3bb227be6efd3d07db6438a8f9bdef61436e4c920955d4b87
                                                                                                                                    • Instruction ID: 3c004daa3a7647c641911670045b1ddc9fe9a46bc5626442079772b9cc487aa3
                                                                                                                                    • Opcode Fuzzy Hash: 3e2cb68e4b47d9b3bb227be6efd3d07db6438a8f9bdef61436e4c920955d4b87
                                                                                                                                    • Instruction Fuzzy Hash: DCE07575D0420CFFCB40DFA4D5448DDBBB9EB48240F1082A6D905A3200EA315B55DB80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FE280 Relevance: .0, Instructions: 18COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 87556ce2da2e05425b7e5a229031f13d3b5e2d26a91d232ac5cc342c91bd0852
                                                                                                                                    • Instruction ID: c1b77f2f9e60f292cfe24b8baaf492e95c2e4cd3c74c4f2b46187c171fd1b3de
                                                                                                                                    • Opcode Fuzzy Hash: 87556ce2da2e05425b7e5a229031f13d3b5e2d26a91d232ac5cc342c91bd0852
                                                                                                                                    • Instruction Fuzzy Hash: B7E026311041028FE70CFB14FD9AA44B3A6E748B04F100218C8070FA68E7705A29CBC0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FE210 Relevance: .0, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9d9f9d85d5892a29e25cd7a58932bab2536f98f301bbb7ae0fd6f601b51ca040
                                                                                                                                    • Instruction ID: 638477acdc15bb4d1a9e087364f5d7547c7e28ddabf633ac2254f47686ec4062
                                                                                                                                    • Opcode Fuzzy Hash: 9d9f9d85d5892a29e25cd7a58932bab2536f98f301bbb7ae0fd6f601b51ca040
                                                                                                                                    • Instruction Fuzzy Hash: 6CD01771A0420CFF8B40EFA8E90195DBBBAEB44214B2041A9D50AEB600EA316F009B90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FF8EB Relevance: .0, Instructions: 14COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d25952c85d2ce43360393e450955a83046773626f6ebcd00415d01c50d7b0d28
                                                                                                                                    • Instruction ID: 0e379c4eb3c5066abf7f73e2635b6a8da90e353c63ebd7fa9086cff836e03156
                                                                                                                                    • Opcode Fuzzy Hash: d25952c85d2ce43360393e450955a83046773626f6ebcd00415d01c50d7b0d28
                                                                                                                                    • Instruction Fuzzy Hash: EDC012B2B481200B4284B66CB01406E66D782C86A33A7406BE60EC7388CD708C428794
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FDFD1 Relevance: .0, Instructions: 9COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4f7be34b6c0244eced063ced219034cbcccc3d6c6ccc9ec041bc03db3875d20f
                                                                                                                                    • Instruction ID: 2bdb6014766b7c8d8e817dee05e518f1f188d68665668ef5a9c265d4980eb44d
                                                                                                                                    • Opcode Fuzzy Hash: 4f7be34b6c0244eced063ced219034cbcccc3d6c6ccc9ec041bc03db3875d20f
                                                                                                                                    • Instruction Fuzzy Hash: B7C08C3418F3D02EDB0203348C0D4853E219B8221031100DAA200CF0A2DA110001C791
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F3721 Relevance: .0, Instructions: 8COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dce9e25ea69cb5769fd58a194a024bdd8274d1549dfc40996af59a3505741366
                                                                                                                                    • Instruction ID: a30c3e22b4b386a2463da85451018ada71d35786444a62ab68435547895745da
                                                                                                                                    • Opcode Fuzzy Hash: dce9e25ea69cb5769fd58a194a024bdd8274d1549dfc40996af59a3505741366
                                                                                                                                    • Instruction Fuzzy Hash: 33C09272A5A2415BE700DBA0BC1AFA13E60AB94B02F065111E78286093C7A9519ACBA6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 079F21D8 Relevance: 1.6, Strings: 1, Instructions: 325COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Haq
                                                                                                                                    • API String ID: 0-725504367
                                                                                                                                    • Opcode ID: 45aa843cf3240a3e926ac7c8126ccbf8375da2feebe236c53b59e1e9dbb2dcfb
                                                                                                                                    • Instruction ID: 4f6c64634d8f8597be97579d9d26656d2581d8109e6bfb592d3e0e9932ec4fc5
                                                                                                                                    • Opcode Fuzzy Hash: 45aa843cf3240a3e926ac7c8126ccbf8375da2feebe236c53b59e1e9dbb2dcfb
                                                                                                                                    • Instruction Fuzzy Hash: DFE1E0B4E002298FDB14CFA9C884BEEBBB2FF89314F1481A9D518B7255D7749A85CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F21C8 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Haq
                                                                                                                                    • API String ID: 0-725504367
                                                                                                                                    • Opcode ID: 20bb29ab84f50af3959f234b2250a9c70f107036d1c634fe3dde408e65823e14
                                                                                                                                    • Instruction ID: 3d609fca27be3db4aed8d9e31146deff6fb0a4b4893531ae18ca84c3fcd51cf8
                                                                                                                                    • Opcode Fuzzy Hash: 20bb29ab84f50af3959f234b2250a9c70f107036d1c634fe3dde408e65823e14
                                                                                                                                    • Instruction Fuzzy Hash: 4B611AB1D002298FDB14CFAAC884BEEFBF6BF88314F0485A9D518A7251D7745A86CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F2AF0 Relevance: .9, Instructions: 868COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a975e4c2597e5d535ede98c066e147478b1191ce80899e05f8220900cd7e358e
                                                                                                                                    • Instruction ID: d9adf49b9a01003aba601f80c40e1d9fa0467e75761d61574e02986e6b80a733
                                                                                                                                    • Opcode Fuzzy Hash: a975e4c2597e5d535ede98c066e147478b1191ce80899e05f8220900cd7e358e
                                                                                                                                    • Instruction Fuzzy Hash: C2920DB4A101168FC754DF68C991BAEB7B2FF88304F55C6A9D609AB346C734E981CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F6FE8 Relevance: .8, Instructions: 784COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7c510b7efa41c7f00d2e721a336c58491d7ccfa8cf8e2ccd6b3ea18fdedc9ccb
                                                                                                                                    • Instruction ID: be56fef0f19d2934a2ad5c43997a17f29ba22d76459e64106858cee7e0a64527
                                                                                                                                    • Opcode Fuzzy Hash: 7c510b7efa41c7f00d2e721a336c58491d7ccfa8cf8e2ccd6b3ea18fdedc9ccb
                                                                                                                                    • Instruction Fuzzy Hash: FB624FB06402009FD749EF19D45871A7AEAEF84308F64C89CC10D9F296DFBAD90BCB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062F6FF8 Relevance: .8, Instructions: 780COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 47027ab00a16dbff0f23774a9e2dc7f98eb0d3ebd666849ceeb3c8c0186e32b4
                                                                                                                                    • Instruction ID: 011371b30e7c21860908c60a28da5fd6a849bacf66b59ac67f944657e374185c
                                                                                                                                    • Opcode Fuzzy Hash: 47027ab00a16dbff0f23774a9e2dc7f98eb0d3ebd666849ceeb3c8c0186e32b4
                                                                                                                                    • Instruction Fuzzy Hash: 56623FB06402009FD749EF19D45871A7AEAEF84308F64C99CC10D9F396DFBAD90B8B95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F2AE0 Relevance: .5, Instructions: 500COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 32e4b8ec22d9ba557d73ba6a0c733e12cb03ad6a821e287f2619e4dea4142a6b
                                                                                                                                    • Instruction ID: b8616c97908e5816ef015606eb0c0040bdca51acbfd149bd83ef6e529502ecca
                                                                                                                                    • Opcode Fuzzy Hash: 32e4b8ec22d9ba557d73ba6a0c733e12cb03ad6a821e287f2619e4dea4142a6b
                                                                                                                                    • Instruction Fuzzy Hash: 77320DB4A001259FD754DF68C990BADBBB2FF88304F55C6A9D509AB346C734E981CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 04FA0040 Relevance: .3, Instructions: 315COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2371538854.0000000004FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fa0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 93da33d5d8ccdf9cbd196ec9e39c1e4b69ed9816eba519e07dc8c78b65288cb1
                                                                                                                                    • Instruction ID: eb345b6fb284dbc69a3f4596d8faa56a53ac2fbad601b481fbb77c85ffb461b0
                                                                                                                                    • Opcode Fuzzy Hash: 93da33d5d8ccdf9cbd196ec9e39c1e4b69ed9816eba519e07dc8c78b65288cb1
                                                                                                                                    • Instruction Fuzzy Hash: 531296B8C817458AEB10CF25F94C1893BB1B751718BF04A29D2613B6E5DBBC35AACF44
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0289DC74 Relevance: .3, Instructions: 264COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bf8f0cecf29579dc3d7d70be4e8b60f24e85104bda1e5d6ed4597058cbcdf866
                                                                                                                                    • Instruction ID: fc3fd57b7c64c441648f14a28dc1a52d133b1af31dcb42e9af8504926f4873c6
                                                                                                                                    • Opcode Fuzzy Hash: bf8f0cecf29579dc3d7d70be4e8b60f24e85104bda1e5d6ed4597058cbcdf866
                                                                                                                                    • Instruction Fuzzy Hash: FCA17E3AE002198FCF09DFB8C94059EB7B2FF85304B19856AE905EB265DB75E915CF80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F93C8 Relevance: .3, Instructions: 263COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f715ddb5a1194e8fcca1d7d959b333d32834f1802ab53859c8c2d9c0b9054176
                                                                                                                                    • Instruction ID: ff9c56bf74412b019dd1fe17501882f87f141e57e7e621441a6f2172b2562da4
                                                                                                                                    • Opcode Fuzzy Hash: f715ddb5a1194e8fcca1d7d959b333d32834f1802ab53859c8c2d9c0b9054176
                                                                                                                                    • Instruction Fuzzy Hash: E3C19F74E01218CFDB54DFA9D890B9DBBB2FF89304F1085A9D409AB354DB349986CF41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F93D8 Relevance: .3, Instructions: 257COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a5c0b31a7d573a589103e5bc1a43d44a5776971ed7ae1ab89d470d32fe4068dd
                                                                                                                                    • Instruction ID: 3036322bfc5c8878772bdc647a435ef4122660dcf157a3e311a1048c9e8d8e52
                                                                                                                                    • Opcode Fuzzy Hash: a5c0b31a7d573a589103e5bc1a43d44a5776971ed7ae1ab89d470d32fe4068dd
                                                                                                                                    • Instruction Fuzzy Hash: F8C17E74E01218CFDB55DFA9D890B9DBBB2FF89300F2085AAD409AB355DB349986CF41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F4FB8 Relevance: .2, Instructions: 238COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2c8b011972962e005884b44c00f5c54ac837903ed59b63d7b5b29ebb1828ec0d
                                                                                                                                    • Instruction ID: fedcb97022c02dc6467fd033442329972a68cb12da2677bae5be77197c306fc5
                                                                                                                                    • Opcode Fuzzy Hash: 2c8b011972962e005884b44c00f5c54ac837903ed59b63d7b5b29ebb1828ec0d
                                                                                                                                    • Instruction Fuzzy Hash: 59B1E674A01209DFDB10CFA8C584A8EFBF5FF49319F5AC1A5E514AB216D730E985CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 04FA001C Relevance: .2, Instructions: 234COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2371538854.0000000004FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fa0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5b816d26cabaa90ade94ca3c2d6a28addaa8e3cc8820defb526b4c8d78724d54
                                                                                                                                    • Instruction ID: 8fefa92ce6dea329abdedac9b6d44b61812aaf79be6834208328a6eeb6389418
                                                                                                                                    • Opcode Fuzzy Hash: 5b816d26cabaa90ade94ca3c2d6a28addaa8e3cc8820defb526b4c8d78724d54
                                                                                                                                    • Instruction Fuzzy Hash: 01C1F9B8C807458BEB10CF25E8481897BB1FB95314FB04A29D2617B2D5DBBC35AACF44
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 028925D8 Relevance: .1, Instructions: 110COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2350521079.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_2890000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9fa030e4f065f082ee448d39e9d31b89799dddc3919a6871cbceede8168cf24e
                                                                                                                                    • Instruction ID: 1612d40ca0092452f70757039196d8837dc80668f3c50112f1fbc9dab66da287
                                                                                                                                    • Opcode Fuzzy Hash: 9fa030e4f065f082ee448d39e9d31b89799dddc3919a6871cbceede8168cf24e
                                                                                                                                    • Instruction Fuzzy Hash: 8731611A899BF06FCB139A7A58700C13F60DC5722D70953C7C5A4CA6FFE549458BC3A6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F6050 Relevance: .1, Instructions: 98COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f844fb02a64601d6b1a95cf797f3f293e01b14bb6e8ecdc789451dcc82799fd0
                                                                                                                                    • Instruction ID: f2997bb129974ef01d5c7bc94c43380859dcb0fd4172042474665d40c7c37d6b
                                                                                                                                    • Opcode Fuzzy Hash: f844fb02a64601d6b1a95cf797f3f293e01b14bb6e8ecdc789451dcc82799fd0
                                                                                                                                    • Instruction Fuzzy Hash: C441E9B1E002188FDB18DFAAD8507DEBBF2BF89304F14C1AAC509A7251DB345985CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F5878 Relevance: .1, Instructions: 94COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9e945c4b48b757076dc7eafa83e7206f30b8bd4978f3f376a01ee8e1b682e6b6
                                                                                                                                    • Instruction ID: 18c0ddc5841c5576b4ef9101736d9ffdd2c7cf582039d381265307841bbee8bd
                                                                                                                                    • Opcode Fuzzy Hash: 9e945c4b48b757076dc7eafa83e7206f30b8bd4978f3f376a01ee8e1b682e6b6
                                                                                                                                    • Instruction Fuzzy Hash: 5441E7B1E002298FDB18DFAAD8447DEBBF2BF88314F14C16AC519AB294DB344946CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 079F6B28 Relevance: .1, Instructions: 82COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2375981114.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_79f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2905d4d9bad9f838e118234dbd5a44bcd108fac1fa13f0536a23c1f999e586cc
                                                                                                                                    • Instruction ID: 66b3fc4ce17e58a93c13bbd2cc7e0ecbc0474bdd68432db58d5ab6b41a0db270
                                                                                                                                    • Opcode Fuzzy Hash: 2905d4d9bad9f838e118234dbd5a44bcd108fac1fa13f0536a23c1f999e586cc
                                                                                                                                    • Instruction Fuzzy Hash: 6F31D1B1E003188BDB18DFAAD8446DEFBF6AF88314F14C13AC409AB265EB345946CF40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FE2C7 Relevance: 46.6, Strings: 37, Instructions: 387COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-3332464785
                                                                                                                                    • Opcode ID: 869746a2becfb8d91e6a221e5935053aa027d2734059e6e871ee3e8e80d0a6b8
                                                                                                                                    • Instruction ID: 867798b237b4f1212c15368f59647e4f4e950e02640b87c0bf9a36dd52b9a327
                                                                                                                                    • Opcode Fuzzy Hash: 869746a2becfb8d91e6a221e5935053aa027d2734059e6e871ee3e8e80d0a6b8
                                                                                                                                    • Instruction Fuzzy Hash: EDD1D1303406156BC20B76A4EE55ABDA697FF87704B904838D1084F7A9DF79AC1F9B82
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FE2D8 Relevance: 46.6, Strings: 37, Instructions: 383COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-3332464785
                                                                                                                                    • Opcode ID: 52453e8d5d1c2ca01f06cd98f1f6ae22c7f140a13c657a54416f9397e5909174
                                                                                                                                    • Instruction ID: ec90f291a01b50249fb6998716c91e25f87671f7068580df126ebbcd749cc0eb
                                                                                                                                    • Opcode Fuzzy Hash: 52453e8d5d1c2ca01f06cd98f1f6ae22c7f140a13c657a54416f9397e5909174
                                                                                                                                    • Instruction Fuzzy Hash: 5DD1C0303406146BC20B76A4EE54ABDA697FF8B704B904838D1084F799DF79AC1F9B83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FCC7F Relevance: 16.4, Strings: 13, Instructions: 151COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-2675541404
                                                                                                                                    • Opcode ID: 87a30283f5f50f959bde0c38d9f8dfcce5848f7654fdb804578a7d989613b849
                                                                                                                                    • Instruction ID: 01d8b6cdf22c81ec4f429185b6a2589d339a7bb1c11f0df0dcb6e47d292a751f
                                                                                                                                    • Opcode Fuzzy Hash: 87a30283f5f50f959bde0c38d9f8dfcce5848f7654fdb804578a7d989613b849
                                                                                                                                    • Instruction Fuzzy Hash: 8D41A4303406156BD20677A4EE45AAE6697FB87700B504838D2084F79ADF79AD0F8B97
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FCC90 Relevance: 16.4, Strings: 13, Instructions: 143COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-2675541404
                                                                                                                                    • Opcode ID: e72e289499e8c2f75dabaac62d38020ca0830c4a31683253e9688017357d0fe4
                                                                                                                                    • Instruction ID: 8250e0f6140405d5730580aa7f5eaef8db59e74418139e2919ca146d65219468
                                                                                                                                    • Opcode Fuzzy Hash: e72e289499e8c2f75dabaac62d38020ca0830c4a31683253e9688017357d0fe4
                                                                                                                                    • Instruction Fuzzy Hash: BF41B5303406152BD20676A4EE45ABE669BFB8B700F504838D2084F799CF79AD0F8B96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FCED1 Relevance: 10.1, Strings: 8, Instructions: 104COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-975092858
                                                                                                                                    • Opcode ID: 4446d512f7b88c05a3febc11633194350b6853661e8a673a04833b9c8564c7ff
                                                                                                                                    • Instruction ID: eb621a7e0d2a1c0c1bea0781fe76db1a6f1a56db98e2ccac4fb2f1d05b1bd511
                                                                                                                                    • Opcode Fuzzy Hash: 4446d512f7b88c05a3febc11633194350b6853661e8a673a04833b9c8564c7ff
                                                                                                                                    • Instruction Fuzzy Hash: 5631E6303402116FC7077AA4E944ABDB69BFB87710B504838D1088F79ADF79AD0F8B96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FCEE0 Relevance: 10.1, Strings: 8, Instructions: 93COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-975092858
                                                                                                                                    • Opcode ID: 34e19f8609688273f1d866152230a67d04aa126b50a929f2e4617080a89eea10
                                                                                                                                    • Instruction ID: 8021c150cbbef9be4cfb1f1348f73f816bd99907fa501e4667e047ae0bce7c90
                                                                                                                                    • Opcode Fuzzy Hash: 34e19f8609688273f1d866152230a67d04aa126b50a929f2e4617080a89eea10
                                                                                                                                    • Instruction Fuzzy Hash: 2021D7307402152BC70676A4E944ABDA69BFB87714F904838D20C4F799DF79AC0F8B96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC968 Relevance: 8.8, Strings: 7, Instructions: 88COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-3690536320
                                                                                                                                    • Opcode ID: 52234d6d713fef057169d39decbd9c1aebb75be4d5ecd5b9011fa5ac7b68832b
                                                                                                                                    • Instruction ID: d4269d7d37296601a66a4abe4cb631d08322d1a4a229f3f096f4c71a53a4a825
                                                                                                                                    • Opcode Fuzzy Hash: 52234d6d713fef057169d39decbd9c1aebb75be4d5ecd5b9011fa5ac7b68832b
                                                                                                                                    • Instruction Fuzzy Hash: 8431F131340256AFCB062BA4EC549AD7BA7FF867047104478E1098FAA9CE785D4FCBC2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FC978 Relevance: 8.8, Strings: 7, Instructions: 83COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-3690536320
                                                                                                                                    • Opcode ID: cf4d81c95988cb2797711aac973075bce65bbf635076c9e8b698232ad4ba95c1
                                                                                                                                    • Instruction ID: bc926aa5d1bebcd44648ad93d7b7ab0c9d97884e757fbee1fb84cacdf7c1a994
                                                                                                                                    • Opcode Fuzzy Hash: cf4d81c95988cb2797711aac973075bce65bbf635076c9e8b698232ad4ba95c1
                                                                                                                                    • Instruction Fuzzy Hash: 2221A031740116ABCB063BA5E9548AE77A7FF867047104038E1098FBA9CE785D4F8FC2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FD538 Relevance: 7.6, Strings: 6, Instructions: 82COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-118940947
                                                                                                                                    • Opcode ID: f6aecb45beca92a2ff8e34bf460ee3b65dd3f1b88b9a9d9d9c43bfed83137f6f
                                                                                                                                    • Instruction ID: ee46a38f7e4d0fb8eda93b8f2bec3ecdbca9e1e2237b452cdc7ae1887e3b1e18
                                                                                                                                    • Opcode Fuzzy Hash: f6aecb45beca92a2ff8e34bf460ee3b65dd3f1b88b9a9d9d9c43bfed83137f6f
                                                                                                                                    • Instruction Fuzzy Hash: 2221C7307402102BD30776A4E994AADB69BEB87714F504938D1088F796CF796D1E87A2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FD548 Relevance: 7.6, Strings: 6, Instructions: 73COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Dsj$Dsj$Dsj$Dsj$Dsj$Dsj
                                                                                                                                    • API String ID: 0-118940947
                                                                                                                                    • Opcode ID: e6efcf10f345782233ebb0a694a3ccc58b1452a717ade03b856f6fce20555d51
                                                                                                                                    • Instruction ID: 718b063b40a3b416c236add06a847142669606dc31a535b0076b0b7a79847f78
                                                                                                                                    • Opcode Fuzzy Hash: e6efcf10f345782233ebb0a694a3ccc58b1452a717ade03b856f6fce20555d51
                                                                                                                                    • Instruction Fuzzy Hash: AD11EB307402142BC20677A5E984AADA69BFB87714F904938D1084F79ACF7AAD1F8793
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 062FED10 Relevance: 5.2, Strings: 4, Instructions: 241COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2372647743.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_62f0000_ExAXLXWP9K.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: (_]q$(_]q$(_]q$(_]q
                                                                                                                                    • API String ID: 0-2651352888
                                                                                                                                    • Opcode ID: 07880e1e590e22dbcbd7fc8f5a2dcfb33cedfb5038b310b7ea9127df2bcb43b3
                                                                                                                                    • Instruction ID: 0bf4fc4d98ec8260b2f2926d46f573374eadbbf86daa9c46fe92709f2844c3f8
                                                                                                                                    • Opcode Fuzzy Hash: 07880e1e590e22dbcbd7fc8f5a2dcfb33cedfb5038b310b7ea9127df2bcb43b3
                                                                                                                                    • Instruction Fuzzy Hash: 5E91CC34B18304AFCB09AF68C4545AEBBB2FF85310F2584AADD46DB391DA35DD06CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%