Windows Analysis Report
G4jZEW68K1.exe

Overview

General Information

Sample name: G4jZEW68K1.exe (renamed because the original name is a hash value)
Original sample name: caadab8341e6460bf472806fb5f4396d.exe
Analysis ID: 1431174
MD5: caadab8341e6460bf472806fb5f4396d
SHA1: ed3ad1338f98090aba0ef3e9a2f6ea979f1c6565
SHA256: b7abfce92efecdb6b034b4474668dc7cc08aaf7a8b6490fd3eb0fb5506024577
Tags: exe, RedLineStealer

Detection

Detected family: RedLine
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Installs new ROOT certificates
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • G4jZEW68K1.exe (PID: 3012 cmdline: "C:\Users\user\Desktop\G4jZEW68K1.exe" MD5: CAADAB8341E6460BF472806FB5F4396D)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Extracted malware configuration (RedLine): {"C2 url": ["103.113.70.99:2630"], "Bot Id": "spoo", "Authorization Header": "a442868c38da8722ebccd4819def00b2"}
Yara matches (columns: Source | Rule | Description | Author; no matched strings are listed for any entry)

Submitted file:
  G4jZEW68K1.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

PCAP:
  dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security
  dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Memory dumps:
  00000000.00000000.1987483406.0000000000482000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
  00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
  00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
  00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
  Process Memory Space: G4jZEW68K1.exe PID: 3012 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
  (1 further entry was collapsed in the original report and is not shown here)

Unpacked PE:
  0.0.G4jZEW68K1.exe.480000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
                    No Sigma rule has matched
Snort IDS alerts (all TCP, classtype "A Network Trojan was detected"; listed chronologically, ports are source -> destination)
  04/24/24-16:36:57.731918  SID 2046045  49704 -> 2630   (client to C2)
  04/24/24-16:36:58.007453  SID 2043234  2630 -> 49704   (C2 to client)
  04/24/24-16:37:03.308831  SID 2046056  2630 -> 49704   (C2 to client)
  04/24/24-16:37:10.949864  SID 2043231  49704 -> 2630   (client to C2)

                    AV Detection

Source: G4jZEW68K1.exe; Malware Configuration Extractor: RedLine {"C2 url": ["103.113.70.99:2630"], "Bot Id": "spoo", "Authorization Header": "a442868c38da8722ebccd4819def00b2"}
Source: G4jZEW68K1.exe; ReversingLabs: Detection: 65%
Source: G4jZEW68K1.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: G4jZEW68K1.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
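The static PE facts above (EXECUTABLE_IMAGE and 32BIT_MACHINE from the COFF header, DYNAMIC_BASE / NX_COMPAT / NO_SEH / TERMINAL_SERVER_AWARE from the optional header's DllCharacteristics, and the "suspicious time stamp" signature from the COFF TimeDateStamp) can be recovered from any PE with the standard library alone. The Python below is an added example and is not part of the Joe Sandbox report or of the sample; the PE bytes it parses are constructed inline to mirror the flags reported here, the 2033 timestamp is invented because the report does not disclose the sample's real one, and the 1993 lower bound used by the timestamp check is an assumed heuristic.

```python
import datetime as dt
import struct

# IMAGE_FILE_HEADER.Characteristics bits (subset)
FILE_CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (subset)
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x8000: "TERMINAL_SERVER_AWARE",
}
MACHINE = {0x014C: "I386", 0x8664: "AMD64"}


def parse_pe(data: bytes) -> dict:
    """Read machine type, compile timestamp and both characteristics fields."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsect, timestamp, _symtab, _nsyms, _optsize, characteristics = (
        struct.unpack_from("<HHIIIHH", data, coff))
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    # DllCharacteristics sits at offset 70 in both PE32 (0x10B) and PE32+ (0x20B)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "machine": MACHINE.get(machine, hex(machine)),
        "pe32plus": magic == 0x20B,
        "timestamp": timestamp,
        "characteristics": [n for bit, n in FILE_CHARACTERISTICS.items() if characteristics & bit],
        "dll_characteristics": [n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit],
    }


def timestamp_is_suspicious(ts: int, observed_at: dt.datetime) -> bool:
    """A compile stamp later than the time the sample was observed, or earlier
    than Win32 existed, cannot be a real build time. Caveat: deterministic .NET
    builds store a content hash in this field, so this alone proves no tampering."""
    compiled = dt.datetime.fromtimestamp(ts, tz=dt.timezone.utc)
    floor = dt.datetime(1993, 1, 1, tzinfo=dt.timezone.utc)  # assumed lower bound
    return compiled > observed_at or compiled < floor


def build_minimal_pe(machine: int, characteristics: int, timestamp: int,
                     dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed test input: valid headers only, no sections or code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS stub
    coff = struct.pack("<HHIIIHH", machine, 0, timestamp, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed sample mirroring the flags in this report. The timestamp
# (2033-05-18 UTC) is invented so that the future-dated check fires; the
# observation time is the analysis date from the Snort alerts above.
ANALYSIS_TIME = dt.datetime(2024, 4, 24, 16, 36, tzinfo=dt.timezone.utc)
SAMPLE_PE = build_minimal_pe(
    machine=0x014C,
    characteristics=0x0002 | 0x0100,                 # EXECUTABLE_IMAGE | 32BIT_MACHINE
    timestamp=2_000_000_000,
    dll_chars=0x0040 | 0x0100 | 0x0400 | 0x8000,     # DYNAMIC_BASE|NX_COMPAT|NO_SEH|TS_AWARE
)

if __name__ == "__main__":
    info = parse_pe(SAMPLE_PE)
    print(info)
    print("suspicious timestamp:", timestamp_is_suspicious(info["timestamp"], ANALYSIS_TIME))
```

Point parse_pe at a real file with `parse_pe(open(path, "rb").read())`; the offsets are the same for PE32 and PE32+ up to and including DllCharacteristics, which is why a single read at optional-header offset 70 works for both.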

                    Networking

Source: Traffic; Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.5:49704 -> 103.113.70.99:2630
Source: Traffic; Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49704 -> 103.113.70.99:2630
Source: Traffic; Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 103.113.70.99:2630 -> 192.168.2.5:49704
Source: Traffic; Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 103.113.70.99:2630 -> 192.168.2.5:49704
Source: Malware configuration extractor; URLs: 103.113.70.99:2630
Source: global traffic; TCP traffic: 192.168.2.5:49704 -> 103.113.70.99:2630
Source: Joe Sandbox View; IP Address: 103.113.70.99
Source: Joe Sandbox View; ASN Name: NETCONNECTWIFI-ASNetConnectWifiPvtLtdIN
Source: unknown; TCP traffic detected without corresponding DNS query: 103.113.70.99 (50 identical entries in the original report)
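Two of the networking signatures above, "TCP traffic detected without corresponding DNS query" and "Detected TCP or UDP traffic on non-standard ports", are cheap to reproduce over ordinary flow logs outside the sandbox: a beacon to a hard-coded IP:port never triggers a lookup, so the destination never appears in any DNS answer that precedes the connection. The Python below is an added example, not Joe Sandbox's detection code; it runs both heuristics over constructed Zeek-style conn and dns records that reuse only the sandbox host 192.168.2.5 and the C2 endpoint 103.113.70.99:2630 from this report. The standard-port list, the exclusion of private/multicast destinations and the other addresses in the sample data are assumptions to tune per environment.

```python
import ipaddress
from dataclasses import dataclass

# Ports a desktop host is expected to talk to; anything else counts as
# "non-standard" for this heuristic (assumed list, tune per environment).
STANDARD_PORTS = {22, 25, 53, 80, 123, 443, 587, 993, 995}


@dataclass(frozen=True)
class DnsRecord:
    ts: float
    query: str
    answers: tuple          # IP addresses returned in the response


@dataclass(frozen=True)
class ConnRecord:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str              # "tcp" or "udp"


def is_local_or_special(ip: str) -> bool:
    """Skip DHCP, multicast, link-local and loopback chatter, which never
    follows a DNS lookup and would otherwise flood the result."""
    a = ipaddress.ip_address(ip)
    return a.is_private or a.is_loopback or a.is_link_local or a.is_multicast


def resolved_before(dns_log, ts: float) -> set:
    """Every IP that any DNS answer returned strictly before time `ts`."""
    ips = set()
    for rec in dns_log:
        if rec.ts < ts:
            ips.update(rec.answers)
    return ips


def flag_connections(conn_log, dns_log) -> list:
    """One finding per connection that (a) targets an IP no earlier DNS answer
    resolved to and/or (b) uses a non-standard destination port."""
    findings = []
    for c in sorted(conn_log, key=lambda r: r.ts):
        if c.proto not in ("tcp", "udp") or is_local_or_special(c.dst):
            continue
        reasons = []
        if c.dst not in resolved_before(dns_log, c.ts):
            reasons.append("no_dns_resolution")
        if c.dport not in STANDARD_PORTS:
            reasons.append("non_standard_port")
        if reasons:
            findings.append({"ts": c.ts, "src": f"{c.src}:{c.sport}",
                             "dst": c.dst, "dport": c.dport,
                             "proto": c.proto, "reasons": tuple(reasons)})
    return findings


# Constructed records. 192.168.2.5 is the sandbox host and 103.113.70.99:2630
# the C2 from this report; the DNS answer, the DHCP exchange and the
# port-443 connection to the C2 address are invented for illustration.
DNS_LOG = [DnsRecord(100.5, "www.example.com", ("93.184.216.34",))]
CONN_LOG = [
    ConnRecord(101.0, "192.168.2.5", 49701, "93.184.216.34", 443, "tcp"),   # resolved, HTTPS: clean
    ConnRecord(102.0, "192.168.2.5", 68, "192.168.2.1", 67, "udp"),         # DHCP: skipped as local
    ConnRecord(103.0, "192.168.2.5", 49704, "103.113.70.99", 2630, "tcp"),  # C2: both heuristics fire
    ConnRecord(104.0, "192.168.2.5", 49705, "103.113.70.99", 443, "tcp"),   # same IP, standard port
]

if __name__ == "__main__":
    for finding in flag_connections(CONN_LOG, DNS_LOG):
        print(finding)
```

The ordering matters: a DNS answer that arrives after the connection does not clear it, which is what "without corresponding DNS query" means in the sandbox's own signature. Feeding real Zeek conn.log and dns.log rows into the two record types is a matter of mapping `ts`, `id.resp_h`, `id.resp_p`, `proto` and `answers`.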
Note on the URIs below: they are WS-* / SOAP namespace constants (WS-Security, WS-Trust, WS-SecureConversation, WS-AtomicTransaction, WS-Coordination, WS-ReliableMessaging, WS-Addressing) embedded by the .NET WCF stack (System.ServiceModel), and http://tempuri.org/ is WCF's default service namespace. They are framework strings, not contact indicators; the sample's only network IOC is the configured C2 103.113.70.99:2630, consistent with the MC-NMF (.NET Message Framing) Snort signature above.

Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp; Strings found in binary or memory:
  http://schemas.xmlsoap.org/soap/actor/next
  http://schemas.xmlsoap.org/soap/envelope/
  http://schemas.xmlsoap.org/ws/2004/08/addressing
  http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
  http://schemas.xmlsoap.org/ws/2005/02/rm
  http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
  http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
  http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
  http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
  http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
  http://tempuri.org/
  http://tempuri.org/Entity/Id1

Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp; Strings found in binary or memory:
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
  http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
  http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
  http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
  http://schemas.xmlsoap.org/ws/2002/12/policy
  http://schemas.xmlsoap.org/ws/2004/04/sc
  http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
  http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
  http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
  http://schemas.xmlsoap.org/ws/2004/04/trust
  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
  http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
  http://schemas.xmlsoap.org/ws/2004/06/addressingex
  http://schemas.xmlsoap.org/ws/2004/10/wsat
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
  http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
  http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
  http://schemas.xmlsoap.org/ws/2004/10/wscoor
  http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
  http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
  http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
  http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
  http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
  http://schemas.xmlsoap.org/ws/2005/02/sc
  http://schemas.xmlsoap.org/ws/2005/02/sc/dk
  http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
  http://schemas.xmlsoap.org/ws/2005/02/sc/sct
  http://schemas.xmlsoap.org/ws/2005/02/trust
  http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
  http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
  http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
  http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
  http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
  http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
  http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
  http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
  http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
  http://tempuri.org/D
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: G4jZEW68K1.exeString found in binary or memory: https://api.ip.sb/ip
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | File created: C:\Users\user\AppData\Local\Temp\Tmp1F99.tmp
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | File created: C:\Users\user\AppData\Local\Temp\Tmp1FAA.tmp
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_00F9DC74
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D76948
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D77C20
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D70040
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D7003F
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D77C10
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D75A43
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_060C67F3
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_060CA3E8
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_060CA3D8
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_060C6FE8
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_060C6FF8
Source: G4jZEW68K1.exe, 00000000.00000000.1987527707.00000000004C6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameUpspearing.exe8 vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefirefox.exe0 vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $jq,\\StringFileInfo\\000004B0\\OriginalFilename vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamechrome.exe< vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $jq,\\StringFileInfo\\040904B0\\OriginalFilename vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameIEXPLORE.EXED vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $jq,\\StringFileInfo\\080904B0\\OriginalFilename vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemsedge.exe> vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe, 00000000.00000002.2157400949.00000000009F8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe | Binary or memory string: OriginalFilenameUpspearing.exe8 vs G4jZEW68K1.exe
Source: G4jZEW68K1.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/5@0/1
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | File created: C:\Users\user\AppData\Local\Temp\Tmp1F99.tmp
Source: G4jZEW68K1.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: G4jZEW68K1.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process (2 identical entries)
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | File read: C:\Program Files (x86)\desktop.ini
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: G4jZEW68K1.exe | ReversingLabs: Detection: 65%
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: ucrtbase_clr0400.dll (2 identical entries)
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: msisip.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: wshext.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: appxsip.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: opcservices.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: esdsip.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: sxs.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
Source: Google Chrome.lnk.0.dr | LNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome.exe
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: G4jZEW68K1.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: G4jZEW68K1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: G4jZEW68K1.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: G4jZEW68K1.exe | Static PE information: 0xF0DBE6BE [Sun Jan 19 04:14:54 2098 UTC]
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_00F9C0A0 push cs; iretd 0_2_00F9C0AE
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_00F9C1E1 push cs; iretd 0_2_00F9C1EE
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_00F9A858 push ecx; iretd 0_2_00F9A867
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_00F9B548 pushfd ; iretd 0_2_00F9B79E
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_00F9983A push eax; iretd 0_2_00F9983B
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D72479 pushfd ; iretd 0_2_04D72486
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D72560 pushfd ; iretd 0_2_04D7256E
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D72708 pushfd ; iretd 0_2_04D7270E
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D72023 pushfd ; iretd 0_2_04D72024
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D7211D pushfd ; iretd 0_2_04D7211F
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D742B0 pushfd ; iretd 0_2_04D742BE
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D72C08 pushfd ; iretd 0_2_04D72C16
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D70DB8 pushfd ; iretd 0_2_04D70DC6
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D70AF9 pushfd ; iretd 0_2_04D70AFF
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D70AB8 pushfd ; iretd 0_2_04D70AC7
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D7127A pushfd ; iretd 0_2_04D71286
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D71FD0 pushfd ; iretd 0_2_04D71FDE
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_04D71FDF pushfd ; iretd 0_2_04D71FFE
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_060CE060 push es; ret 0_2_060CE070
Source: C:\Users\user\Desktop\G4jZEW68K1.exe | Code function: 0_2_060CECF2 push eax; ret 0_2_060CED01

                    Persistence and Installation Behavior

                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Process information set: NOOPENFILEERRORBOX (80 occurrences)
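
The registry write above is how a certificate ends up in the machine-wide trusted root store: Windows keys each entry under HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<SHA-1 thumbprint> and stores the certificate inside the Blob value as a sequence of CryptoAPI property records (DWORD property id, DWORD reserved = 1, DWORD length, data; property 32 carries the DER certificate, property 3 an optional cached SHA-1). The following parser is an added example for this report, not code from Joe Sandbox or from the sample: it extracts the DER from an exported Blob, recomputes the thumbprint and checks it against the key name, which is the check a responder runs on the value this sample wrote. The key name is taken from the report; the DER bytes are constructed filler, not the certificate the sample installed.

```python
r"""Verify a certificate stored under
HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<thumbprint>\Blob.

Record layout inside the Blob value:
    DWORD propid | DWORD reserved (always 1) | DWORD length | BYTE data[length]
Property 32 (CERT_CERT_PROP_ID) holds the DER-encoded certificate; the
registry key name is expected to be the SHA-1 of that DER.
"""
import hashlib
import struct
from typing import Dict, Optional

CERT_SHA1_HASH_PROP_ID = 3    # cached SHA-1 thumbprint (20 raw bytes), optional
CERT_CERT_PROP_ID = 32        # DER-encoded certificate

# Key name observed in the report above.
REPORT_KEY_NAME = "F1A578C4CB5DE79A370893983FD4DA8B67B2B064"

# Constructed stand-in for DER bytes (not a real certificate, not the one from the report).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def build_blob(der: bytes, extra: Optional[Dict[int, bytes]] = None) -> bytes:
    """Serialize property records in Blob layout; used here to produce offline test data."""
    records: Dict[int, bytes] = dict(extra or {})
    records[CERT_CERT_PROP_ID] = der
    out = bytearray()
    for propid, data in records.items():
        out += struct.pack("<III", propid, 1, len(data)) + data
    return bytes(out)


def parse_blob(blob: bytes) -> Dict[int, bytes]:
    """Walk the records; refuse truncated input or an unexpected reserved field."""
    props: Dict[int, bytes] = {}
    off = 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated record header at offset {off}")
        propid, reserved, length = struct.unpack_from("<III", blob, off)
        if reserved != 1:
            raise ValueError(f"unexpected reserved value {reserved} at offset {off}")
        off += 12
        if off + length > len(blob):
            raise ValueError(f"property {propid} runs past end of blob")
        props[propid] = blob[off:off + length]
        off += length
    return props


def is_well_formed(blob: bytes) -> bool:
    """True when every record parses; False for truncated or malformed data."""
    try:
        parse_blob(blob)
        return True
    except ValueError:
        return False


def thumbprint(der: bytes) -> str:
    """SHA-1 of the DER as upper-case hex, the form Windows uses for the key name."""
    return hashlib.sha1(der).hexdigest().upper()


def check_root_entry(key_name: str, blob: bytes) -> Dict[str, object]:
    """Extract the certificate and report whether key name and cached hash agree with it.

    A key name that differs from the SHA-1 of the embedded DER, or a cached
    hash property that disagrees with it, means the entry was not written by
    the normal store API and deserves a closer look.
    """
    props = parse_blob(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        return {"has_cert": False, "thumbprint": None,
                "key_matches": False, "cached_hash_matches": None}
    tp = thumbprint(der)
    cached = props.get(CERT_SHA1_HASH_PROP_ID)
    return {
        "has_cert": True,
        "thumbprint": tp,
        "key_matches": tp == key_name.upper(),
        "cached_hash_matches": None if cached is None else cached.hex().upper() == tp,
    }


if __name__ == "__main__":
    # Filler DER under the report's key name: the thumbprints cannot match.
    print(check_root_entry(REPORT_KEY_NAME, build_blob(SAMPLE_DER)))
```

To use it on a live system, export the value (for example with `reg export` or by reading the registry with `winreg`) and pass the raw bytes of Blob together with the key name; a `key_matches` of False on a ROOT entry is the condition to escalate, and the extracted DER can then be fed to any X.509 parser to read subject, issuer and validity.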

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Memory allocated: F90000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Memory allocated: 27D0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Memory allocated: 2720000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Window / User API: threadDelayed 1698
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Window / User API: threadDelayed 3683
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe TID: 6528 Thread sleep time: -18446744073709540s >= -30000s
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe TID: 6488 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Thread delayed: delay time: 922337203685477
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
                    Source: G4jZEW68K1.exe, 00000000.00000002.2163655123.0000000006327000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'N
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.00000000039C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                    Source: G4jZEW68K1.exe, 00000000.00000002.2159810337.0000000003994000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Users\user\Desktop\G4jZEW68K1.exe VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: G4jZEW68K1.exe, 00000000.00000002.2164183649.00000000063CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara match File source: dump.pcap, type: PCAP
                    Source: Yara match File source: G4jZEW68K1.exe, type: SAMPLE
                    Source: Yara match File source: 0.0.G4jZEW68K1.exe.480000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000000.1987483406.0000000000482000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: G4jZEW68K1.exe PID: 3012, type: MEMORYSTR
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ElectrumE#
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $jq2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.walletLRjq
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum\walletsLRjqT
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ExodusE#
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $jq%appdata%`,jqdC:\Users\user\AppData\Roaming`,jqdC:\Users\user\AppData\Roaming\Binance
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: EthereumE#
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $jq&%localappdata%\Coinomi\Coinomi\walletsLRjq
                    Source: G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $jq6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\Desktop\G4jZEW68K1.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: Yara matchFile source: 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: G4jZEW68K1.exe PID: 3012, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match, File source: dump.pcap, type: PCAP
                    Source: Yara match, File source: G4jZEW68K1.exe, type: SAMPLE
                    Source: Yara match, File source: 0.0.G4jZEW68K1.exe.480000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000000.1987483406.0000000000482000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: G4jZEW68K1.exe PID: 3012, type: MEMORYSTR
                    ATT&CK Matrix (techniques listed per tactic; a number before a technique name is the badge shown in that matrix cell)

                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
                    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
                    Execution: 221 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
                    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
                    Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
                    Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 241 Virtualization/Sandbox Evasion; 1 Obfuscated Files or Information; 1 Install Root Certificate; 1 Timestomp; 1 DLL Side-Loading
                    Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
                    Discovery: 231 Security Software Discovery; 1 Process Discovery; 241 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 113 System Information Discovery; Remote System Discovery
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
                    Collection: 1 Archive Collected Data; 3 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
                    Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
                    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
                    Source | Detection | Scanner | Label | Link
                    G4jZEW68K1.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    https://api.ip.sb/ip | 0% | URL Reputation | safe |
                    http://tempuri.org/ | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id23ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id9 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id21Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id8 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id14ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id6ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id12Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id5 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id2Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id4 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id6 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id7 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id6Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id1ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id5ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id19Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id13ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id15Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id9Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id20 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id22 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id21 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id24 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id23 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id24Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id21ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id11 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id10 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id10ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id16Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id13 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id12 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id14 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id16 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id15 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id17 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id18 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id19 | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id5Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id15ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id11ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id10Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id8Response | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id17ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id8ResponseD | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/Entity/Id1Response | 0% | Avira URL Cloud | safe |
                    No contacted domains info
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sct | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/ac/?q= | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id14ResponseD | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id23ResponseD | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id12Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/ | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id2Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id21Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id9 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id8 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id6ResponseD | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A96000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id5 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id4 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id7 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id6 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id19Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id13ResponseD | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/fault | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/10/wsat | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id15Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id5ResponseD | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id6Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://api.ip.sb/ip | G4jZEW68K1.exe | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/04/sc | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id1ResponseD | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id9Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id20 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id21 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Entity/Id22 | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1 | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id23 | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1 | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id24 | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id24Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://www.ecosia.org/newtab/ | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id1Response | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://tempuri.org/Entity/Id21ResponseD | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing | G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion | G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp | false | |
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trustG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://tempuri.org/Entity/Id10G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id11G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id10ResponseDG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id12G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id16ResponseG4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id13G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id14G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id15G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id16G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/NonceG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id17G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id18G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id5ResponseG4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id19G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsG4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id15ResponseDG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id10ResponseG4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RenewG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://tempuri.org/Entity/Id11ResponseDG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002A37000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id8ResponseG4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0G4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2006/02/addressingidentityG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://tempuri.org/Entity/Id17ResponseDG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002CAE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://schemas.xmlsoap.org/soap/envelope/G4jZEW68K1.exe, 00000000.00000002.2158295604.00000000027D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id8ResponseDG4jZEW68K1.exe, 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
103.113.70.99 | unknown | India | | 133973 | NETCONNECTWIFI-ASNetConnectWifiPvtLtdIN | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1431174
Start date and time: 2024-04-24 16:36:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: G4jZEW68K1.exe
renamed because original name is a hash value
Original Sample Name: caadab8341e6460bf472806fb5f4396d.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/5@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 74
• Number of non-executed functions: 16
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: G4jZEW68K1.exe
Time | Type | Description
16:37:06 | API Interceptor | 30x Sleep call for process: G4jZEW68K1.exe modified

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
103.113.70.99 | X8K556WeiK.exe | Get hash | malicious | RedLine | Browse |
| X8K556WeiK.exe | Get hash | malicious | RedLine | Browse |
| dmA2g7xZV7.exe | Get hash | malicious | RedLine | Browse |
| dmA2g7xZV7.exe | Get hash | malicious | RedLine | Browse |
| K2xdxHSWJK.exe | Get hash | malicious | RedLine | Browse |
| XHr735qu8v.exe | Get hash | malicious | RedLine | Browse |
| gm5v3JlTMk.exe | Get hash | malicious | RedLine | Browse |
| o8uKhd6peZ.exe | Get hash | malicious | RedLine | Browse |
| vguZEL1YWf.exe | Get hash | malicious | RedLine | Browse |
| djiwhBMknd.exe | Get hash | malicious | RedLine | Browse |
No context

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
NETCONNECTWIFI-ASNetConnectWifiPvtLtdIN | X8K556WeiK.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| X8K556WeiK.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| dmA2g7xZV7.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| dmA2g7xZV7.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| K2xdxHSWJK.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| XHr735qu8v.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| gm5v3JlTMk.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| o8uKhd6peZ.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| vguZEL1YWf.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
| djiwhBMknd.exe | Get hash | malicious | RedLine | Browse | 103.113.70.99
No context
No context
Process: C:\Users\user\Desktop\G4jZEW68K1.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:16:54 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
Category: dropped
Size (bytes): 2104
Entropy (8bit): 3.4465908111784267
Encrypted: false
SSDEEP: 48:8SyIl2dfTXd3RYrnvPdAKRkdAGdAKRFdAKRE:8S7lOw
MD5: 9AA458A719923B311615413FC3A9EC3D
SHA1: B3074B037C11DE205777540276730FCA1E7C95FC
SHA-256: 78B393B26229E17BDC53ED662B08584D6A1393C545BEF53B458E8860FBC6CB4C
SHA-512: 4D22B7AA262DE0EC742C8BFA99CD7AD54DACB400EF1DFB00B66631C9A2B4C6BB16248842260719F8CFE307CE0D3225DE30F440FA8E3749964E073B64D5ED3AD6
Malicious: false
Reputation: low
Preview: L..................F.@.. ......,.......l.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDW.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWUl....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWUl....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWUl..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDW.r..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r
Process: C:\Users\user\Desktop\G4jZEW68K1.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 3274
Entropy (8bit): 5.3318368586986695
Encrypted: false
SSDEEP: 96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
MD5: 0B2E58EF6402AD69025B36C36D16B67F
SHA1: 5ECC642327EF5E6A54B7918A4BD7B46A512BF926
SHA-256: 4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
SHA-512: 1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
Malicious: false
Reputation: moderate, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
Process: C:\Users\user\Desktop\G4jZEW68K1.exe
File Type: data
Category: dropped
Size (bytes): 2662
Entropy (8bit): 7.8230547059446645
Encrypted: false
SSDEEP: 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5: 1420D30F964EAC2C85B2CCFE968EEBCE
SHA1: BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256: F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512: 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious: false
Reputation: moderate, very likely benign file
Preview: 0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.
Process: C:\Users\user\Desktop\G4jZEW68K1.exe
File Type: data
Category: dropped
Size (bytes): 2662
Entropy (8bit): 7.8230547059446645
Encrypted: false
SSDEEP: 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5: 1420D30F964EAC2C85B2CCFE968EEBCE
SHA1: BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256: F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512: 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious: false
Reputation: moderate, very likely benign file
Preview: 0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.
Process: C:\Users\user\Desktop\G4jZEW68K1.exe
File Type: data
Category: dropped
Size (bytes): 2251
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3::
MD5: 0158FE9CEAD91D1B027B795984737614
SHA1: B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256: 513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512: C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious: false
Reputation: moderate, very likely benign file
Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 5.051732200697524
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Win16/32 Executable Delphi generic (2074/23) 0.01%
• Generic Win/DOS Executable (2004/3) 0.01%
File name: G4jZEW68K1.exe
File size: 313'767 bytes
MD5: caadab8341e6460bf472806fb5f4396d
SHA1: ed3ad1338f98090aba0ef3e9a2f6ea979f1c6565
SHA256: b7abfce92efecdb6b034b4474668dc7cc08aaf7a8b6490fd3eb0fb5506024577
SHA512: bbe2fe8082d40109d807846f5d01d27eb3dd4bf7136d14d0c247262b340fff8a3fef3bf22aaa9a173ce78425566db059857a6983d6c4943faef28a6a5e0228ff
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
TLSH: DF645C1823EC8911E27F4B7994A1E274D375ED56A452E30F4ED06CAB3E32741FA11AB2
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ... ....@.. ....................... ............@................................
Icon Hash: 4d8ea38d85a38e6d
Entrypoint: 0x42b9ae
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0xF0DBE6BE [Sun Jan 19 04:14:54 2098 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
popad
add byte ptr [ebp+00h], dh
je 00007FFB7CC65C52h
outsd
add byte ptr [esi+00h], ah
imul eax, dword ptr [eax], 006C006Ch
xor eax, 59007400h
add byte ptr [edi+00h], dl
push edx
add byte ptr [ecx+00h], dh
popad
add byte ptr [edi+00h], dl
push esi
add byte ptr [edi+00h], ch
popad
add byte ptr [ebp+00h], ch
push 61006800h
add byte ptr [ebp+00h], ch
dec edx
add byte ptr [eax], bh
add byte ptr [edi+00h], dl
push edi
add byte ptr [ecx], bh
add byte ptr [ecx+00h], bh
bound eax, dword ptr [eax]
xor al, byte ptr [eax]
insb
add byte ptr [eax+00h], bl
pop ecx
add byte ptr [edi+00h], dl
js 00007FFB7CC65C52h
jnc 00007FFB7CC65C52h
pop edx
add byte ptr [eax+00h], bl
push ecx
add byte ptr [ebx+00h], cl
popad
add byte ptr [edi+00h], dl
dec edx
add byte ptr [ebp+00h], dh
pop edx
add byte ptr [edi+00h], dl
jo 00007FFB7CC65C52h
imul eax, dword ptr [eax], 5Ah
add byte ptr [ebp+00h], ch
jo 00007FFB7CC65C52h
je 00007FFB7CC65C52h
bound eax, dword ptr [eax]
push edi
add byte ptr [eax+eax+77h], dh
add byte ptr [ecx+00h], bl
xor al, byte ptr [eax]
xor eax, 63007300h
add byte ptr [edi+00h], al
push esi
add byte ptr [ecx+00h], ch
popad
add byte ptr [edx], dh
add byte ptr [eax+00h], bh
je 00007FFB7CC65C52h
                                                                                                                                                bound eax, dword ptr [eax]
                                                                                                                                                insd
                                                                                                                                                add byte ptr [eax+eax+76h], dh
                                                                                                                                                add byte ptr [edx+00h], bl
                                                                                                                                                push edi
                                                                                                                                                add byte ptr [ecx], bh
                                                                                                                                                add byte ptr [eax+00h], dh
                                                                                                                                                popad
                                                                                                                                                add byte ptr [edi+00h], al
                                                                                                                                                cmp dword ptr [eax], eax
                                                                                                                                                insd
                                                                                                                                                add byte ptr [edx+00h], bl
                                                                                                                                                push edi
                                                                                                                                                add byte ptr [esi+00h], cl
                                                                                                                                                cmp byte ptr [eax], al
                                                                                                                                                push esi
                                                                                                                                                add byte ptr [eax+00h], cl
                                                                                                                                                dec edx
                                                                                                                                                add byte ptr [esi+00h], dh
                                                                                                                                                bound eax, dword ptr [eax]
                                                                                                                                                insd
                                                                                                                                                add byte ptr [eax+00h], bh
                                                                                                                                                jo 00007FFB7CC65C52h
                                                                                                                                                bound eax, dword ptr [eax]
                                                                                                                                                insd
                                                                                                                                                add byte ptr [ebx+00h], dh
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x2b95c          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x32000          0x1c9d4       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x50000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x2b940          0x1c          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0x2e994       0x2ec00   64c48738b5efa1379746874c338807d5  False     0.4696168950534759   data       6.205450376900145    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x32000          0x1c9d4       0x1cc00   5b3e8f48de8a05507379330b3cf331a7  False     0.23725373641304348  data       2.6063301335912525   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x50000          0xc           0x400     f921873e0b7f3fe3399366376917ef43  False     0.025390625          data       0.05390218305374581  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size     Type                                                                                              Language  Country  ZLIB Complexity
RT_ICON        0x321a0  0x3d04   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                                                          0.9934058898847631
RT_ICON        0x35eb4  0x10828  Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m                     0.09013072282030049
RT_ICON        0x466ec  0x4228   Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m                      0.13905290505432216
RT_ICON        0x4a924  0x25a8   Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m                        0.17033195020746889
RT_ICON        0x4cedc  0x10a8   Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m                        0.2045028142589118
RT_ICON        0x4df94  0x468    Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m                        0.24645390070921985
RT_GROUP_ICON  0x4e40c  0x5a     data                                                                                                                 0.7666666666666667
RT_VERSION     0x4e478  0x35a    data                                                                                                                 0.4417249417249417
RT_MANIFEST    0x4e7e4  0x1ea    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                                    0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                 Protocol  SID      Message                                                                                  Source Port  Dest Port  Source IP      Dest IP
04/24/24-16:36:58.007453  TCP       2043234  ET MALWARE Redline Stealer TCP CnC - Id1Response                                         2630         49704      103.113.70.99  192.168.2.5
04/24/24-16:37:10.949864  TCP       2043231  ET TROJAN Redline Stealer TCP CnC Activity                                               49704        2630       192.168.2.5    103.113.70.99
04/24/24-16:37:03.308831  TCP       2046056  ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)                         2630         49704      103.113.70.99  192.168.2.5
04/24/24-16:36:57.731918  TCP       2046045  ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)    49704        2630       192.168.2.5    103.113.70.99
Timestamp                              Source Port  Dest Port  Source IP      Dest IP
                                                                                                                                                Apr 24, 2024 16:37:05.682544947 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.682555914 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.682564974 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.682575941 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.682600021 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.682652950 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.682903051 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.723056078 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.723593950 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:05.723690987 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:05.737052917 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.737076998 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.737091064 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903171062 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903215885 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903222084 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903235912 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903242111 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903248072 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903254986 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903259993 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903265953 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903470993 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903481960 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903491974 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903502941 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903736115 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903747082 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.903939962 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.904335022 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:05.904455900 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:05.943701029 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.943721056 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.943731070 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.943986893 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944015026 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944025993 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944061995 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944075108 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944134951 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944235086 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944451094 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944663048 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944714069 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.944725037 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945074081 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945085049 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945095062 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945106030 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945116997 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945266962 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945312977 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945323944 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945384026 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945430040 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.945626974 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.988703012 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:05.989100933 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:05.989209890 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:06.124315977 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.124381065 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.124418974 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125046015 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125255108 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125288010 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125320911 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125358105 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125503063 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125586033 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125665903 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125696898 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125729084 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.125802040 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126080036 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126116037 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126235962 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126270056 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126302004 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126333952 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126367092 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126454115 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126487970 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126581907 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.126903057 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:06.127028942 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:06.209014893 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209065914 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209098101 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209134102 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209166050 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209212065 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209249973 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209283113 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209314108 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209507942 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209541082 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209573984 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209759951 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.209992886 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210026026 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210057974 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210145950 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210232019 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210264921 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210295916 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210367918 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210702896 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210772991 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.210803986 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.255765915 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.258430004 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:06.258605957 CEST497042630192.168.2.5103.113.70.99
                                                                                                                                                Apr 24, 2024 16:37:06.347177029 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347250938 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347284079 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347316027 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347348928 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347381115 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347415924 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347449064 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347480059 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347512007 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347543955 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347688913 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347723007 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347754002 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347784996 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.347989082 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.348021030 CEST263049704103.113.70.99192.168.2.5
                                                                                                                                                Apr 24, 2024 16:37:06.348052025 CEST263049704103.113.70.99192.168.2.5
Target ID: 0
Start time: 16:36:54
Start date: 24/04/2024
Path: C:\Users\user\Desktop\G4jZEW68K1.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\G4jZEW68K1.exe"
Imagebase: 0x480000
File size: 313'767 bytes
MD5 hash: CAADAB8341E6460BF472806FB5F4396D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.1987483406.0000000000482000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2158295604.0000000002877000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2158295604.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 7.9%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 94
Total number of Limit Nodes: 10
                                                                                                                                                  execution_graph (rendered graph omitted; the raw node/edge listing is not reproduced). Entry nodes: f9d0b8, f9ad38, f94668, cad01c. Functions that reach a Windows API, by start address:
                                                                                                                                                  • DuplicateHandle: f9c9a0, f9d300
                                                                                                                                                  • GetModuleHandleW: f9b068
                                                                                                                                                  • LoadLibraryExW: f9b0b8, f9b0c8, f9a870, f9b2a8
                                                                                                                                                  • CreateActCtxA: f94248, f95940
                                                                                                                                                  • CallWindowProcW: 4d70bfc, 4d72d90, 4d72da0, 4d72e48, 4d72e58, 4d72e6c, 4d742a0, 4d7435a
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7836f3f751c91d0aea49c5f1819a981f474fe5993b2e4a49845e9dcfd615941e
                                                                                                                                                  • Instruction ID: bc7186c49160565ffdea50184245845692cfe31f9e04aaa65ab199ec35e0bf37
                                                                                                                                                  • Opcode Fuzzy Hash: 7836f3f751c91d0aea49c5f1819a981f474fe5993b2e4a49845e9dcfd615941e
                                                                                                                                                  • Instruction Fuzzy Hash: 9A221474A01228DFDB65DF64C954BD9BBB2FF4A310F0090E9D509A72A1EB35AE84DF40
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 05001815135398abb4e8fd8dca9d2b8c4e06a21045723d9fde35be8accb2beb4
                                                                                                                                                  • Instruction ID: d892d5cc0d9897fc0af726f34511ff62ca131204ce8bee0d1e5ab53e713d6095
                                                                                                                                                  • Opcode Fuzzy Hash: 05001815135398abb4e8fd8dca9d2b8c4e06a21045723d9fde35be8accb2beb4
                                                                                                                                                  • Instruction Fuzzy Hash: 0DE1DF30A002099FDF55DF68D880BAEBBF6EF88310F148569E505AB361DB31ED45CB90
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 337264cf20b2791c27c6479424632cd14d50cdd33ee1ca5dc79388fd6a628990
                                                                                                                                                  • Instruction ID: a5e27c593506a76ed54804dd61bbb4e3cad419b4cc8c80a5d542051f9aeea884
                                                                                                                                                  • Opcode Fuzzy Hash: 337264cf20b2791c27c6479424632cd14d50cdd33ee1ca5dc79388fd6a628990
                                                                                                                                                  • Instruction Fuzzy Hash: 44D1E674D00258CFCB18EFB4D858A9DBBB2FF8A301F5081A9D54AAB354DB355989CF11
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 159894cde2905427df198dcbaa77ce31cbe8bcde0e41dc56a28f3c4f39f0e768
                                                                                                                                                  • Instruction ID: 95bf17db808652651aaff2c07d80968c3738dc02ea0816576a955cae7b32d49a
                                                                                                                                                  • Opcode Fuzzy Hash: 159894cde2905427df198dcbaa77ce31cbe8bcde0e41dc56a28f3c4f39f0e768
                                                                                                                                                  • Instruction Fuzzy Hash: 3FD1E570E00258CFCB18EFB4D858A9DBBB2FF8A301F1081A9D54AAB354DB355989DF11
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cd1a6a901953b40f4901b9fd4af1f61c8909aae085f63881fd9d46dd9f7bfdb1
                                                                                                                                                  • Instruction ID: e8030d344f6e32b4422930b3dd6caf4c031fc682bc55bfdbec16dbd08a2f0ffa
                                                                                                                                                  • Opcode Fuzzy Hash: cd1a6a901953b40f4901b9fd4af1f61c8909aae085f63881fd9d46dd9f7bfdb1
                                                                                                                                                  • Instruction Fuzzy Hash: 1DC1A474E002188FDB14DFA5D984A9EBBB6BF89300F10C5A9D809A7365EB34A985CF51
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3fb3dcb82bf2382a14de7b33e7a8107d9fdcd2c0b0078bf7edc4450cf36c54d8
                                                                                                                                                  • Instruction ID: 30768d9bf3bca399b0446012d04962c34896c2007319179e3cc920262d5d3ef8
                                                                                                                                                  • Opcode Fuzzy Hash: 3fb3dcb82bf2382a14de7b33e7a8107d9fdcd2c0b0078bf7edc4450cf36c54d8
                                                                                                                                                  • Instruction Fuzzy Hash: 36614A30A0030ADFDF05EFA0C994ADEBBF6FF89304B644169D405AB664EB30AD46CB51
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: fe342fe8b6c1f679f306b0dd7056f5758c3e01b299c5ccb92acd420ad9e761e9
                                                                                                                                                  • Instruction ID: fbb8e201b5ba574bbb6a6ce0dd7005cce3b9a1fc9e1c59b5f12128dc0db46566
                                                                                                                                                  • Opcode Fuzzy Hash: fe342fe8b6c1f679f306b0dd7056f5758c3e01b299c5ccb92acd420ad9e761e9
                                                                                                                                                  • Instruction Fuzzy Hash: 13510B74E002188FDB18DF66D94179EBBB7BFC8300F14C0699819AB369EB3459469F50
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%
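The "Memory Dump Source" records above all report "based on PE: false", i.e. the sampled functions were executing from memory regions (00F90000, 04D70000, 060C0000) that are not backed by a PE on disk, which is what the 100% "Dynamic/Decrypted Code Coverage" figure reflects. The following parser is an added example for turning these blocks into a per-region triage table; it is not Joe Sandbox code. It assumes only the text layout seen on this page (a block begins with "Memory Dump Source", bullet lines carry "Key: value" pairs, and the Source File line reads "<name>.sdmp, Offset: <hex>, based on PE: <true|false>"). The dotted fields of the .sdmp name are not documented on the page; the only one used is the fourth, which here equals the Offset, and that equality is checked rather than assumed.

```python
"""Parse Joe Sandbox 'Memory Dump Source' blocks into a per-region triage table.
Added example, not Joe Sandbox code; format assumptions are described above."""
import re
from collections import defaultdict

# Constructed sample: three records copied from this report, trimmed to the
# bullet lines the parser uses.  Regions 04D70000 and 060C0000 reached no API
# directly; the 00F90000 function resolved GetModuleHandleW ("HandleModule").
SAMPLE_REPORT = """
Memory Dump Source
• Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
• Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
• API ID:
• String ID:
• Opcode ID: 7836f3f751c91d0aea49c5f1819a981f474fe5993b2e4a49845e9dcfd615941e
• Instruction Fuzzy Hash: 9A221474A01228DFDB65DF64C954BD9BBB2FF4A310F0090E9D509A72A1EB35AE84DF40
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
• API ID:
• String ID: $jq
• API String ID: 0-2886413773
• Opcode ID: 1abd92c64c41988275f5f11917c1ea2c61263c4d284e6c9414c65ab48f834445
• Instruction Fuzzy Hash: B2E12B34F402158FDB54DF69C9A4AAEBBF6BF88710B248169D906EB365DB31DC01CB90

Memory Dump Source
• Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
• API ID: HandleModule
• API String ID: 4139908857-0
• Opcode ID: 8319a99d220d7381c86d1c0e66cd3431aa78097f02bf72094fc3f27be54004ec
• Instruction Fuzzy Hash: 1A7168B0A00B058FEB24DF2AD54575ABBF1FF88314F00892DE44AD7A50D739E94ACB91
"""

BULLET_RE = re.compile(r"^\s*•\s*([A-Za-z ]+?):\s*(.*?)\s*$")
SOURCE_RE = re.compile(
    r"^(?P<name>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)$", re.IGNORECASE)


def parse_records(text):
    """One dict per 'Memory Dump Source' block; blocks whose Source File line
    does not match the expected shape are skipped rather than guessed at."""
    records = []
    for chunk in text.split("Memory Dump Source")[1:]:
        fields = {}
        for line in chunk.splitlines():
            m = BULLET_RE.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2)
        src = SOURCE_RE.match(fields.get("Source File", ""))
        if not src:
            continue
        name = src.group("name")
        offset = int(src.group("offset"), 16)
        # On this page the fourth dotted field of the .sdmp name is the region
        # base; record whether that still holds instead of relying on it.
        name_base = int(name.split(".")[3], 16)
        records.append({
            "source": name,
            "offset": offset,
            "based_on_pe": src.group("pe").lower() == "true",
            "offset_matches_name": name_base == offset,
            "api_id": fields.get("API ID", ""),
            "string_id": fields.get("String ID", ""),
            "opcode_id": fields.get("Opcode ID", ""),
            "instruction_fuzzy_hash": fields.get("Instruction Fuzzy Hash", ""),
        })
    return records


def summarize_regions(records):
    """Group by region base: sampled-function count, PE backing, APIs reached,
    and the distinct instruction fuzzy hashes (useful as hunting input)."""
    regions = defaultdict(lambda: {"functions": 0, "based_on_pe": None,
                                   "apis": set(), "instruction_fuzzy_hashes": set(),
                                   "offset_matches_name": True})
    for r in records:
        reg = regions[f"{r['offset']:08X}"]
        reg["functions"] += 1
        reg["based_on_pe"] = r["based_on_pe"]
        reg["offset_matches_name"] &= r["offset_matches_name"]
        if r["api_id"]:
            reg["apis"].add(r["api_id"])
        if r["instruction_fuzzy_hash"]:
            reg["instruction_fuzzy_hashes"].add(r["instruction_fuzzy_hash"])
    return dict(regions)


def non_pe_regions(records):
    """Regions running code not backed by a PE on disk: the unpacked stages
    an analyst would dump and write YARA against first."""
    return sorted({f"{r['offset']:08X}" for r in records if not r["based_on_pe"]})


if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    for base, info in sorted(summarize_regions(recs).items()):
        print(base, "pe-backed" if info["based_on_pe"] else "NOT pe-backed",
              f"functions={info['functions']} apis={sorted(info['apis'])}")
    print("dump candidates:", non_pe_regions(recs))
```

Run against the full report text instead of the embedded sample to get every region; a region that shows up as NOT pe-backed with a non-empty API set is the first place to look for the stealer's real logic, since the on-disk file is only the loader.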

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  (rendered graph omitted) Function f9ae30, basic blocks f9ae30 through f9b0b0. Calls into f99838 (block f9ae41-f9ae4e), f9a814 (f9aee8-f9aeef), f9a824 (f9af30-f9af39), f9a834 and f9a844 (f9af56-f9af66), and at f9ae56 either f9b0c8 or f9b0b8, the two LoadLibraryExW wrappers listed in the execution graph. The GetModuleHandleW call is in block f9b068-f9b093, reached after the straight-line run f9afb9-f9b060.
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00F9B086
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                  • Opcode ID: 8319a99d220d7381c86d1c0e66cd3431aa78097f02bf72094fc3f27be54004ec
                                                                                                                                                  • Instruction ID: 225a9424d21c8d59b66c902815856c1e36d777fed1ea430d3c9c2090048aa663
                                                                                                                                                  • Opcode Fuzzy Hash: 8319a99d220d7381c86d1c0e66cd3431aa78097f02bf72094fc3f27be54004ec
                                                                                                                                                  • Instruction Fuzzy Hash: 1A7168B0A00B058FEB24DF2AD54575ABBF1FF88314F00892DE44AD7A50D739E94ACB91
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  (rendered graph omitted) Function 60c3f50, basic blocks 60c3f50 through 60c4568. Calls into 60c3c88 (block 60c403c-60c4048) and 60c48a8 (block 60c410d-60c4113); no Windows API is reached directly. The graph has back-edges (60c41fe-60c420f to 60c3fab-60c3fae, 60c4406-60c441f to 60c42d6-60c42ef, 60c4493-60c4496 to 60c44b9-60c450a), i.e. the function loops.
Strings
Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID: $jq
• API String ID: 0-2886413773
• Opcode ID: 1abd92c64c41988275f5f11917c1ea2c61263c4d284e6c9414c65ab48f834445
• Instruction ID: 3d92baa37de1bb258b4f572f498509292b1a43961ca575f3361227ee6e25dce0
• Opcode Fuzzy Hash: 1abd92c64c41988275f5f11917c1ea2c61263c4d284e6c9414c65ab48f834445
• Instruction Fuzzy Hash: B2E12B34F402158FDB54DF69C9A4AAEBBF6BF88710B248169D906EB365DB31DC01CB90
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: entry block 00F95935; CreateActCtxA is called from block 00F95944-00F95A01 (graph edge list omitted)
APIs
• CreateActCtxA.KERNEL32(?), ref: 00F959F1
Memory Dump Source
• Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: c94ccbb7f10a154b309dcf7d3d07e4c7945124c5f2b7a4d5d31f7c84a6bdea67
• Instruction ID: 0a26b84754325456b22a625fb1e06937695884e40008e57aee162d372e02d602
• Opcode Fuzzy Hash: c94ccbb7f10a154b309dcf7d3d07e4c7945124c5f2b7a4d5d31f7c84a6bdea67
• Instruction Fuzzy Hash: EB4112B0C00619CFDB25CFA9C88478DBBB6FF49304F20816AC418AB254DB79694ACF90
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: entry block 04D70BFC-04D742FC; CallWindowProcW is called from block 04D7435A-04D74392; internal call to 04D70AD4 from block 04D743AC-04D743CC (graph edge list omitted)
APIs
• CallWindowProcW.USER32(?,?,?,?,?), ref: 04D74381
Memory Dump Source
• Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
Similarity
• API ID: CallProcWindow
• String ID:
• API String ID: 2714655100-0
• Opcode ID: b63f53a86aed4d340ad551c1586873155d0642eb83ea403a175c3f6ae0e60a16
• Instruction ID: ca00d8f0d62f42f718bc25c4fa7ccba62a4b4b86db3099806b3a675df9effd8a
• Opcode Fuzzy Hash: b63f53a86aed4d340ad551c1586873155d0642eb83ea403a175c3f6ae0e60a16
• Instruction Fuzzy Hash: BB4126B4A00205DFDB15CF99C848AAABBF5FF88314F248559D519AB321E334E841CBA0
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: entry block 00F94248-00F95A01, which contains the CreateActCtxA call (graph edge list omitted)
APIs
• CreateActCtxA.KERNEL32(?), ref: 00F959F1
Memory Dump Source
• Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: b749b06d294af7ccb42af9e2575c803552d824314382dbbf8a93ccc3c27a8aff
• Instruction ID: bcab78c693456fb767dcd8634886545550ccbca5bf5855d55c731fec6bfbb90a
• Opcode Fuzzy Hash: b749b06d294af7ccb42af9e2575c803552d824314382dbbf8a93ccc3c27a8aff
• Instruction Fuzzy Hash: 0241F2B0D00619CBEB25CFA9C884B9DBBB5FF49704F20816AD408AB255DB796946CF90
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: entry block 00F9C9A0-00F9D394, which contains the DuplicateHandle call (graph edge list omitted)
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F9D2C6,?,?,?,?,?), ref: 00F9D387
Memory Dump Source
• Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: d41292fc20d35a97314a82fbd07df38867defb3dfe85d38b00f3d09edcf13fd6
• Instruction ID: 627b54473c4b312099693f7b7cdb8f495ad553b30291269f5a17c264d0bfc59f
• Opcode Fuzzy Hash: d41292fc20d35a97314a82fbd07df38867defb3dfe85d38b00f3d09edcf13fd6
• Instruction Fuzzy Hash: D021E9B5900248DFDB10CF9AD984ADEFBF5FB48310F14841AE914A7310D379A954DFA5
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: entry block 00F9D2F9-00F9D394, which contains the DuplicateHandle call (graph edge list omitted)
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F9D2C6,?,?,?,?,?), ref: 00F9D387
Memory Dump Source
• Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: cc449c37f2ff47342727abab5fd736f33a353fa2394dcfcc98d4f42ce510a3ae
• Instruction ID: a35f6fa8982d85505414125f64d881ac94901fe9caf3a82ec88f0a89ddb53f80
• Opcode Fuzzy Hash: cc449c37f2ff47342727abab5fd736f33a353fa2394dcfcc98d4f42ce510a3ae
• Instruction Fuzzy Hash: DC21E2B5900209DFDB10CFAAE584ADEBBF5FB48314F24841AE918A3250D378A950CFA5
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: entry block 00F9B2A0-00F9B2E8; LoadLibraryExW is called from block 00F9B2F0-00F9B31F (graph edge list omitted)
APIs
• LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F9B101,00000800,00000000,00000000), ref: 00F9B312
Memory Dump Source
• Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: 44d518532e8b2f13cfcfe0cd261e5fdbb09a5b6c367a86a66398fc1699d4add0
• Instruction ID: f82273c2a246ac00e094dc1e25fa0c63a393ed1863ccc74e24cb74b0faaccd36
• Opcode Fuzzy Hash: 44d518532e8b2f13cfcfe0cd261e5fdbb09a5b6c367a86a66398fc1699d4add0
• Instruction Fuzzy Hash: FD11F6B6D002498FDB10CFAAD945ADEFBF5EB48720F10842ED519A7610C379A545CFA1
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: entry block 00F9A870-00F9B2E8; LoadLibraryExW is called from block 00F9B2F0-00F9B31F (graph edge list omitted)
APIs
• LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F9B101,00000800,00000000,00000000), ref: 00F9B312
Memory Dump Source
• Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: 4827e985291239cb0cecc500249b716bf4380a887a1f8fce286f8b126783ea60
• Instruction ID: 713db25d6e576ccbce0038e191f05c6641510c67591108310baf2597d20bd018
• Opcode Fuzzy Hash: 4827e985291239cb0cecc500249b716bf4380a887a1f8fce286f8b126783ea60
• Instruction Fuzzy Hash: D811E4B6D003499FDB10DF9AD544A9EFBF9EB48310F10842ED519A7200D379A945CFA5
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: first block 060C59C8; no API calls; internal call to 060C5098 from block 060C59B3 (graph edge list omitted)
Strings
Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID: d
• API String ID: 0-2564639436
• Opcode ID: ca6f0cdc67a7497f06188e822286ac7e3da6a11d53f1c589bdc17c44bd7c69c7
• Instruction ID: 69879b3cf736af21461922e1d1ae9ad2aa526941a39b76251e478571c9327f17
• Opcode Fuzzy Hash: ca6f0cdc67a7497f06188e822286ac7e3da6a11d53f1c589bdc17c44bd7c69c7
• Instruction Fuzzy Hash: ACC15A39600602CFC765CF19C9C096ABBF2FF88320B15CA69D45A9B665D730FC56CB90
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 713 f9b020-f9b060 714 f9b068-f9b093 GetModuleHandleW 713->714 715 f9b062-f9b065 713->715 716 f9b09c-f9b0b0 714->716 717 f9b095-f9b09b 714->717 715->714 717->716
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00F9B086
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                  • Opcode ID: 264a671df6e90cb21550bb705b2e04834c7341dbf6f3dff4a559222301142e67
                                                                                                                                                  • Instruction ID: 470597ca052d20bbd2fd3b650c6bd103da84f47cf642432d1c81f5bacb396cdb
                                                                                                                                                  • Opcode Fuzzy Hash: 264a671df6e90cb21550bb705b2e04834c7341dbf6f3dff4a559222301142e67
                                                                                                                                                  • Instruction Fuzzy Hash: 0911DFB5C00349CFDB20DF9AD544A9EFBF8EB89324F10841AD569A7210D379A545CFA1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: (nq
                                                                                                                                                  • API String ID: 0-2756854522
                                                                                                                                                  • Opcode ID: 9283ea2fbe99e019135eb0c8fab815e8ed012e51dfc8d5aca1891b044184f7ea
                                                                                                                                                  • Instruction ID: 174231fac9444e5bfd3b4dccc74515dae267e41c172c4bc663bb5775336ef136
                                                                                                                                                  • Opcode Fuzzy Hash: 9283ea2fbe99e019135eb0c8fab815e8ed012e51dfc8d5aca1891b044184f7ea
                                                                                                                                                  • Instruction Fuzzy Hash: 8A416635A106458FDB58DF19C484A6EFBF2FF89324B16C95DD85AAB361CB34E801CB90
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'jq
                                                                                                                                                  • API String ID: 0-3676250632
                                                                                                                                                  • Opcode ID: 209d01ae27fedf067e609909e002fac3aeb611faf482fe5056020e23a6d0ed25
                                                                                                                                                  • Instruction ID: 50042d7c69cfc95e41430ff12cc0826107c1afee316dae3442e33f1be1f4dcdf
                                                                                                                                                  • Opcode Fuzzy Hash: 209d01ae27fedf067e609909e002fac3aeb611faf482fe5056020e23a6d0ed25
                                                                                                                                                  • Instruction Fuzzy Hash: D63104317442508FC719AB78A4605AE7BF6DFCA31031548AED84A8F356EE34EC07C7A1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'jq
                                                                                                                                                  • API String ID: 0-3676250632
                                                                                                                                                  • Opcode ID: 19fdfe07d5495ec290927d48cad2b4fd3ebb33150ba9e27042c92431f8df9390
                                                                                                                                                  • Instruction ID: 867ba05888e4cd8403ac9f7f1fc97d09de4f4595bb46142a69e140e994bc11f6
                                                                                                                                                  • Opcode Fuzzy Hash: 19fdfe07d5495ec290927d48cad2b4fd3ebb33150ba9e27042c92431f8df9390
                                                                                                                                                  • Instruction Fuzzy Hash: E8318030B402088BDB08BB78A5A45AFB7E7AFC8210B50453DD516DB394EF39DE0687E5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'jq
                                                                                                                                                  • API String ID: 0-3676250632
                                                                                                                                                  • Opcode ID: bfecb76270fe40637d2bad25cf6d0f2cfbaadd0953e7f6580e8297760b946892
                                                                                                                                                  • Instruction ID: d134bdc0ad00c759942d82919a8118adcd59bab5dafc5693700773bd32bb6ff5
                                                                                                                                                  • Opcode Fuzzy Hash: bfecb76270fe40637d2bad25cf6d0f2cfbaadd0953e7f6580e8297760b946892
                                                                                                                                                  • Instruction Fuzzy Hash: 5C21A0307402058FDB48BB78A5A026E7AE3AFC8200B50443DC527DB399EF38DE068795
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'jq
                                                                                                                                                  • API String ID: 0-3676250632
                                                                                                                                                  • Opcode ID: c0ad02bcb1b0171059d2af5fae229b8b0f9d1497e525744d903569fee96ed22d
                                                                                                                                                  • Instruction ID: 5504e4e0a1840bac31ae6e374a899f3d6209af8fb387c332afae44d52df24a67
                                                                                                                                                  • Opcode Fuzzy Hash: c0ad02bcb1b0171059d2af5fae229b8b0f9d1497e525744d903569fee96ed22d
                                                                                                                                                  • Instruction Fuzzy Hash: 2101D434902249AFCF09EFB8E8458DD7FB6FF45200B1441AAE406DB655DB301F88DB61
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'jq
                                                                                                                                                  • API String ID: 0-3676250632
                                                                                                                                                  • Opcode ID: e7675b134526e3e596f8b33b00bff7f05889a534052de9f92560cb146e7deccb
                                                                                                                                                  • Instruction ID: 552779720462662e95d898e5497cb8efb19ec6ab353b15010f03f5b6f52f3392
                                                                                                                                                  • Opcode Fuzzy Hash: e7675b134526e3e596f8b33b00bff7f05889a534052de9f92560cb146e7deccb
                                                                                                                                                  • Instruction Fuzzy Hash: 0BF090313802018FC608EB69E95096E77DBEFC9250310892DD04A9B368EF74ED0A83A1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'jq
                                                                                                                                                  • API String ID: 0-3676250632
                                                                                                                                                  • Opcode ID: 319634248cc7d9cf89e73058fc2e68846b0f23488dca0d3ec8614ecf99b10859
                                                                                                                                                  • Instruction ID: 9b4a981364467a07147d4ab786958601a5a4d39d61abe7c8e26964a2fd24c09c
                                                                                                                                                  • Opcode Fuzzy Hash: 319634248cc7d9cf89e73058fc2e68846b0f23488dca0d3ec8614ecf99b10859
                                                                                                                                                  • Instruction Fuzzy Hash: 7CF08C30E02209EFCF08EFB8E54985CBBB6FF84200B1041A9D8069B354DB705E48EB40
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 62eba35a0c6c1b5921c5c966202ae1c662fc788832e6a3136df9eac83940e4ba
                                                                                                                                                  • Instruction ID: 7b2ff35ab17eba5a8b78f276164f9a0b80c958054e6b070df006cd74b751f5b1
                                                                                                                                                  • Opcode Fuzzy Hash: 62eba35a0c6c1b5921c5c966202ae1c662fc788832e6a3136df9eac83940e4ba
                                                                                                                                                  • Instruction Fuzzy Hash: E8122334B406018FDB94DF29C5A8A6EBBF6FF89210B1584A9E506CB366DB34EC45CB50
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
• Opcode ID: 053dbfc118ba949dbfdfdb9117d1e31df8cf0c7965665a786e31b7133e3fcb82
• Instruction ID: 4c784adc8fe42986b2f56b7e37998189ea2f7ecae19e3904fefc27e609337aa2
• Opcode Fuzzy Hash: 053dbfc118ba949dbfdfdb9117d1e31df8cf0c7965665a786e31b7133e3fcb82
• Instruction Fuzzy Hash: B85126B1E40218CFDB55CFA9C881BDEBFF5AF48310F14842AE415AB244EB749842CF80
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: db0c27a14497603bb1897911d7087b1fd948d328b3033a326f45e987941ff780
• Instruction ID: 689ed8c4abbc6ee0ef9b7debcfd44a1a71b7831dcdcd2463a187d122bbd588be
• Opcode Fuzzy Hash: db0c27a14497603bb1897911d7087b1fd948d328b3033a326f45e987941ff780
• Instruction Fuzzy Hash: F85123B1E40219CFDB95CFA9C9817DDBFF6AF48310F14842AE415AB294EB749942CF80
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 169fc4288c59699b05ab2cd0551a99d38d3f19db28dd1a26a451581eff5a2ef4
• Instruction ID: 6249739c7ca2ed94a84c7736f108fa17bdd8cf5d4f50ebc8be805adb9ed0a2a2
• Opcode Fuzzy Hash: 169fc4288c59699b05ab2cd0551a99d38d3f19db28dd1a26a451581eff5a2ef4
• Instruction Fuzzy Hash: E4317E35B012109FCB56EF35D85496E7BB2FF89350B008469E906CB365DB35ED15CB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fa9e11f9deadda3c98c8481e8e6a98d308d29ae793cbb6959ea98922d4574988
• Instruction ID: ffdcfd008e542a9a29dde130e0948d0019c43bc952e0291ef0710b6c44f2f279
• Opcode Fuzzy Hash: fa9e11f9deadda3c98c8481e8e6a98d308d29ae793cbb6959ea98922d4574988
• Instruction Fuzzy Hash: E8318B35B012109FCB46EF39D89496EBBB6FF89350B008469E906CB365DB35ED05CBA0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7b919686146ca3800c77c43e9b8e15259dca477aeb965ea7adeefe87d9aee403
• Instruction ID: 621a992f5113a815f3484d4e0b46e5134f10607234a473aefe3855fc8fbc8fd6
• Opcode Fuzzy Hash: 7b919686146ca3800c77c43e9b8e15259dca477aeb965ea7adeefe87d9aee403
• Instruction Fuzzy Hash: B041F0B1D01208DFDB54DFAAD940ADEFFF6AF88310F10802AE419A7250DB75A949CF94
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 28b15d097fdeb8c92ec01eb6bc5bafbd4e876b0a14d51731ab9875ca84f81c83
• Instruction ID: 70e470155aa43b753031389fa31ae510e9056f6701e291436b03abce6aea9914
• Opcode Fuzzy Hash: 28b15d097fdeb8c92ec01eb6bc5bafbd4e876b0a14d51731ab9875ca84f81c83
• Instruction Fuzzy Hash: 043111B1D002489BDB58CFAAC940BDEFFF6AF48300F14802AD405BB250EB799949CF94
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f462bc9eab49efacc54f9c9849c2f33dbfa923dc1dda353f9b0f0a2412a47018
• Instruction ID: 1c2a7f3f7d38516bb5f06552e7d787528c91df6a623f352944c03c4427f36bd0
• Opcode Fuzzy Hash: f462bc9eab49efacc54f9c9849c2f33dbfa923dc1dda353f9b0f0a2412a47018
• Instruction Fuzzy Hash: 353111B1D01218DFDB54CFA9D894ADEBFF9EF48320F24842AE409A7240DB34A845CB94
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2157832673.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c9d000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aa2c1519161e5ccf1cab0fb5a10e98791aee9448e0a71953531e687db02ec21c
• Instruction ID: 554d353273d52c2a2152fbad78f76f3cdf0ef13667b66cf256b3e9531f159576
• Opcode Fuzzy Hash: aa2c1519161e5ccf1cab0fb5a10e98791aee9448e0a71953531e687db02ec21c
• Instruction Fuzzy Hash: 1A212571500204DFDF05DF14D9C8F26BF65FB98324F20C569E90A2B25AC33AE856DBA2
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2157872223.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_cad000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dd9c7a77876f7c6a912d1971a51db7e5164d5c732371d4681f819a7aac559bc3
• Instruction ID: e4560d9b8d7a6772098eb5752df8b6097ee4671fae2fcf6e602522a353b5e87b
• Opcode Fuzzy Hash: dd9c7a77876f7c6a912d1971a51db7e5164d5c732371d4681f819a7aac559bc3
• Instruction Fuzzy Hash: 4621F271604205DFCB14DF24D9C4B26BF65FB89318F20C569E94B4B696C33AD807CA62
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4ca3e67ad8869f6a3d0bea1bd4a497fb504e78976f3b846b051e163a02eadf89
• Instruction ID: 39a7ca778fdbb5c857081c88a44a732dfc9d4cfa179fd7f3b60c6ec91832fedd
• Opcode Fuzzy Hash: 4ca3e67ad8869f6a3d0bea1bd4a497fb504e78976f3b846b051e163a02eadf89
• Instruction Fuzzy Hash: 751149A360C2D46FDB624B9A6C608FB7FFCEA8E225709009BF9C4C6143D419CA12D771
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ca9a818656c7a91f0749dc8b434910c3f9cad7bfee5aea0418b85f87d4350928
• Instruction ID: 5d86de1f39642935d76a7ecf85235d6ac9b5a985e6c684d07b4186b03686a27f
• Opcode Fuzzy Hash: ca9a818656c7a91f0749dc8b434910c3f9cad7bfee5aea0418b85f87d4350928
• Instruction Fuzzy Hash: 5B21F3B1D40248DFDB54CFA9C894B9EBFF9AF48310F14842AE409AB250DB749946CB94
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2157872223.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_cad000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fcedfef530252ad162394041ac3712d858f290e697791c263d186655efb4ff60
• Instruction ID: d0cc208c91d0600a129be518fa982881806770f294ca815bb6d2a14f86c67351
• Opcode Fuzzy Hash: fcedfef530252ad162394041ac3712d858f290e697791c263d186655efb4ff60
• Instruction Fuzzy Hash: 532165755093C08FDB12CF24D594715BF71EB46314F28C5DAD84A8F6A7C33A990ACB62
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c57491119da06c011dd7d05b7599da821594d80027be6d33b93c12448bec7469
• Instruction ID: 5585978639348013017709750bf82c4da707ceaf1fa76f108fa47dc7dd509fe9
• Opcode Fuzzy Hash: c57491119da06c011dd7d05b7599da821594d80027be6d33b93c12448bec7469
• Instruction Fuzzy Hash: 3A11E5312002045FCE8D6774F8559BE7BAFFFC22507441429E1078BA90CEA4AD0A97A5
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2157832673.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c9d000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
• Instruction ID: 170007338b27a706eddf212543aa28f7e63a385e5520b51c9a6617b898405b49
• Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
• Instruction Fuzzy Hash: 33112672404240CFCF02CF00D5C4B16BF71FB94324F24C6A9D90A1B256C33AE95ACBA2
Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3cbcf57b0c7abd00b4207ed91ba5081071ac2d85f95529e566c97cbff3924d62
                                                                                                                                                  • Instruction ID: 5cbb951888b882518ce0200b4d92df5fc9eaac791fac9c942e7652463ada69be
                                                                                                                                                  • Opcode Fuzzy Hash: 3cbcf57b0c7abd00b4207ed91ba5081071ac2d85f95529e566c97cbff3924d62
                                                                                                                                                  • Instruction Fuzzy Hash: 8F01E5302047044FD729AF35E40856E3BE7EFC9311B108629D0468BA45CFB4990EDBE1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cf4ed659bbfd43754c2fb76200ae69b668828c0af0a406fb6e1da35ebe931c29
                                                                                                                                                  • Instruction ID: 49ea8bb16c16c60a30ee61ff92439c6393bf2d7607b0b4ee352123bec7fabcc9
                                                                                                                                                  • Opcode Fuzzy Hash: cf4ed659bbfd43754c2fb76200ae69b668828c0af0a406fb6e1da35ebe931c29
                                                                                                                                                  • Instruction Fuzzy Hash: 92018471B001199FDF10DEA9EC44ABFBBFAEBC4261B14813AE514D3240EB359D1587A5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6c5cfe35932657633ea55efc1210ba088eee26e8c52289e9fee18001f5874e3a
                                                                                                                                                  • Instruction ID: 1384568a2f2babf4f2567c2b1681590aa7c3922c14e8c6ab7fff8c2286e22feb
                                                                                                                                                  • Opcode Fuzzy Hash: 6c5cfe35932657633ea55efc1210ba088eee26e8c52289e9fee18001f5874e3a
                                                                                                                                                  • Instruction Fuzzy Hash: A301F538A41701CFDBAA8B36A92416B7BF3FF84224704882CD04386525DA34F495CB40
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 638087846f00a71652676d42f12455d23953e2fde0f26559d493165bbc8c55fe
                                                                                                                                                  • Instruction ID: e2d9ab66360e37a92fecf15ccf0b97b27434b8d251c4d147ec733dbc4c8ca512
                                                                                                                                                  • Opcode Fuzzy Hash: 638087846f00a71652676d42f12455d23953e2fde0f26559d493165bbc8c55fe
                                                                                                                                                  • Instruction Fuzzy Hash: 4101B1312001054B8E8CA778E55992E7BEBFFC02507445828E1078B694DEF4BD5EA795
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ff6e43e3b1eecc85e5a049488df73f2de7ee9adfb714497e1b33a7bc7d7d6d9d
                                                                                                                                                  • Instruction ID: 86d59e1ee60cf6f8ab6a2d0325ca4a93fb7693cc6804d8ee636615d868a8bee9
                                                                                                                                                  • Opcode Fuzzy Hash: ff6e43e3b1eecc85e5a049488df73f2de7ee9adfb714497e1b33a7bc7d7d6d9d
                                                                                                                                                  • Instruction Fuzzy Hash: 9001D634609348AFCB059F74DC14CAA7FBEEF86310B1484E9E505CB662DA32DD05D791
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2157832673.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_c9d000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6ce1e72968ce03b441b512f65f49cfff1a71753529826732af982ed31603f6c5
                                                                                                                                                  • Instruction ID: 5a2cdceff73955f1a9025e025df11603d95f4ad1a8f0028ae4bd9df5c453477e
                                                                                                                                                  • Opcode Fuzzy Hash: 6ce1e72968ce03b441b512f65f49cfff1a71753529826732af982ed31603f6c5
                                                                                                                                                  • Instruction Fuzzy Hash: 99012B31004340DBEB208A1ACDC8B67FFDCEF55320F18C46AED1A2A286C6799C00DA71
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 88a6d310f9e21930d0a698978dbd41a1079009d1862ae981f53cbf9c1ba76bc6
                                                                                                                                                  • Instruction ID: 41c0d0133656c8ea766073f5da778c035fb34069f4908d755951b1a8e65702f4
                                                                                                                                                  • Opcode Fuzzy Hash: 88a6d310f9e21930d0a698978dbd41a1079009d1862ae981f53cbf9c1ba76bc6
                                                                                                                                                  • Instruction Fuzzy Hash: 930192306006058FD728AF75E00866E7BE7EFC8315B108A28D14A8B748CFB4E90EDB91
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1a67bbdc0734677f1373953eabc1b53e86a51bfed4a85ce22290b92cabbf8a02
                                                                                                                                                  • Instruction ID: 4c56f9d9b35756a1093411642c2a38748575328d250d2558f28eb34061aeb605
                                                                                                                                                  • Opcode Fuzzy Hash: 1a67bbdc0734677f1373953eabc1b53e86a51bfed4a85ce22290b92cabbf8a02
                                                                                                                                                  • Instruction Fuzzy Hash: 5E01D131505B04AFD725EF22E8094A6BFFAFB49350700C61AE48A8AA14CB70A54DCFD5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 62a8fe94196c024c8f44bc66d63d32dcbac9ae52e4220af265116f8be12ce744
                                                                                                                                                  • Instruction ID: ad11d43d17a39798ab791e81ff06b239b84c0cd0b347c1dc27a56f1afa4be9b4
                                                                                                                                                  • Opcode Fuzzy Hash: 62a8fe94196c024c8f44bc66d63d32dcbac9ae52e4220af265116f8be12ce744
                                                                                                                                                  • Instruction Fuzzy Hash: C80100B4D4420AEFCB44DFA8D9446EEBFF1BB48311F1080AA9814A3350E7740A41CF90
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5eb3846ac41c8a3502cf438df722979e53ca106ea9ccd23ce670525eb0b9b90a
                                                                                                                                                  • Instruction ID: e3d94c591e634282015e7d8369aae2b55ba1f5620b639ab6f6fb9742a0d96664
                                                                                                                                                  • Opcode Fuzzy Hash: 5eb3846ac41c8a3502cf438df722979e53ca106ea9ccd23ce670525eb0b9b90a
                                                                                                                                                  • Instruction Fuzzy Hash: 4AF02E312051507FC7202769AC59EEF7FDEEFC6760B040069F14AC3243CA651C0883B5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Instruction ID: 3a46e1a3be8c966d6e1e7fbaf9aa18c10845efe721f0668258089436e67c6d9a
                                                                                                                                                  • Opcode Fuzzy Hash: 8dd04eb8e3bf13f3305a125ca2a4152f0a4428e8bf70a8189c33f30bb1d4ca90
                                                                                                                                                  • Instruction Fuzzy Hash: 1BE06DB220C2009FC345DB24E80089ABBE8EF95320B02C87EE481C7141E731E841C755
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8353a79af3ca6fcc777155d112db460cb736019ddbe496e2c7c40baed08c7af7
                                                                                                                                                  • Instruction ID: 64847fd651c6c6b83d507131a52df4d0064d92d7eed8741f800de4e05af3e0a9
                                                                                                                                                  • Opcode Fuzzy Hash: 8353a79af3ca6fcc777155d112db460cb736019ddbe496e2c7c40baed08c7af7
                                                                                                                                                  • Instruction Fuzzy Hash: 59E0E531200B504FCB24A72DF408B9E7BEADFC5304F04042DE246CB701CBB5AC098795
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d630d01b5f9475cb3d8e447adc7eea159ecb5c7cf9003ff49d2e30040bf33359
                                                                                                                                                  • Instruction ID: 54caafe932ea0e0eddb43a95173149f948c67dac6a838c2113cd37d16261a6f0
                                                                                                                                                  • Opcode Fuzzy Hash: d630d01b5f9475cb3d8e447adc7eea159ecb5c7cf9003ff49d2e30040bf33359
                                                                                                                                                  • Instruction Fuzzy Hash: 58E0D830007391BFCB46B320F4459DA3FB8DB832307018055E84A8B909C6384E45C7E1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 93826366fff7be42d3958680d23538f75e2d49d0d9fda96991d9584a5c72117c
                                                                                                                                                  • Instruction ID: 1ca7d2606ff58c7f46b1f16a673ef8786bd7f9b737b1121e0fa08eddaacffde5
                                                                                                                                                  • Opcode Fuzzy Hash: 93826366fff7be42d3958680d23538f75e2d49d0d9fda96991d9584a5c72117c
                                                                                                                                                  • Instruction Fuzzy Hash: BAE0EC3A116244BFC7029A55DC41CE63F7DEF4A6603044086F5418F972C6229D21DBB1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 98f04427a2dadbde3f11fc850c72811a4dd503a7d7d08e0a4b7ef05181eb4c26
                                                                                                                                                  • Instruction ID: eb14792e2fc544eca963321c523d3088fed8ecdc9cd8cd0e77915c6f8880e5d6
                                                                                                                                                  • Opcode Fuzzy Hash: 98f04427a2dadbde3f11fc850c72811a4dd503a7d7d08e0a4b7ef05181eb4c26
                                                                                                                                                  • Instruction Fuzzy Hash: 4AE0DFB1A49344FFCF05DF64ED419AE7BB5DBC2200B2041DAE809DB292D6704F24D791
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3ecc149da088b63fe266b9ac1af79c4420c2bb87a48aee822210e22f64bd40d1
                                                                                                                                                  • Instruction ID: 7edfecf8cfc895a1e19c89b6def4716625f6446dafc960bc209bb9b1b8694ce8
                                                                                                                                                  • Opcode Fuzzy Hash: 3ecc149da088b63fe266b9ac1af79c4420c2bb87a48aee822210e22f64bd40d1
                                                                                                                                                  • Instruction Fuzzy Hash: 6BE0D8304027128BC725F714FDC6A557BF5E78A710B018019D8430B5A9C7B81A59CBD5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9151b5f6dbb51e3f8c049cee2b8ad0c6fc822c7570530f54606ece00362209b2
                                                                                                                                                  • Instruction ID: 00f0fe7d3571eb4d3e1d6f7155776c3c072f741f0172114c2a291a7ca508023c
                                                                                                                                                  • Opcode Fuzzy Hash: 9151b5f6dbb51e3f8c049cee2b8ad0c6fc822c7570530f54606ece00362209b2
                                                                                                                                                  • Instruction Fuzzy Hash: B0D05E71300139578A0A2769F4188AE7BAFEBC5AA2300042AE60BC3340DFA55D0A97D9
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 793fcb04f3ffedd591ccd132eea2512667c58cbc197b6d434ca448f5ba37a8d6
                                                                                                                                                  • Instruction ID: fa668146812b47af3233c2353d25088f7d0ffbcbc0adf01573b4d3b87b02971b
                                                                                                                                                  • Opcode Fuzzy Hash: 793fcb04f3ffedd591ccd132eea2512667c58cbc197b6d434ca448f5ba37a8d6
                                                                                                                                                  • Instruction Fuzzy Hash: 6DE09A75D0020CEFCF54DFE4D5448DDBBB9EB48200F1082A6D905A3200EB705B55DF80
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dce986a9971b3ce7e66d7571c7c47f0a00e1e95e6abc054d145bd373ab0c405d
                                                                                                                                                  • Instruction ID: b1d94ba9181e529563045521f4ca269839e221a2a5ab0d07f4253d5c23678563
                                                                                                                                                  • Opcode Fuzzy Hash: dce986a9971b3ce7e66d7571c7c47f0a00e1e95e6abc054d145bd373ab0c405d
                                                                                                                                                  • Instruction Fuzzy Hash: 8CD012B1A01208FF8F44DFA8E94195D77B9EB85204B1041A9D409D7200DA715F149790
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bf2802b074d7e56adb3a4d55575464f4a65b8e9b826dfd34060a8db02cf1e978
                                                                                                                                                  • Instruction ID: c265a2fcefab08c59090f8284f4474a24734d50f60ab4ec156a611ac9ba5fd69
                                                                                                                                                  • Opcode Fuzzy Hash: bf2802b074d7e56adb3a4d55575464f4a65b8e9b826dfd34060a8db02cf1e978
                                                                                                                                                  • Instruction Fuzzy Hash: 8DC012327001201B0A88A66CB0250AD7AD7D3C86E7389402BF60EC3348EEA28C466395
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d825437ba68b30db26e01977aaf42e00e7eaea76dd4284980b5392c322778a3f
                                                                                                                                                  • Instruction ID: 79680abde4bd039325379431e4c96e417c9d9ea964ac769d6178ec0140165cbd
                                                                                                                                                  • Opcode Fuzzy Hash: d825437ba68b30db26e01977aaf42e00e7eaea76dd4284980b5392c322778a3f
                                                                                                                                                  • Instruction Fuzzy Hash: C3C09B7155B7D05EDF0617749C0D8C53F169F5277171640C7E3458E063D5614049CFD1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4c08c2c55d451eeaf4f90e2edf142a3c27925dc0edbe6ed5ff2b16c9bce5c2f9
                                                                                                                                                  • Instruction ID: 61277bc398c953a682fe0cfbc96fccd9072d24e6346e87fda6b0d9c2682d180d
                                                                                                                                                  • Opcode Fuzzy Hash: 4c08c2c55d451eeaf4f90e2edf142a3c27925dc0edbe6ed5ff2b16c9bce5c2f9
                                                                                                                                                  • Instruction Fuzzy Hash: 50622EB06402009FE748DF59D55971A7AEAEF84308F24C45CD00E9F396DBBAED0B8B95
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 447fc63555068e75731939c076d5834a2c29e6530469d3d7a6025d04d57484c5
                                                                                                                                                  • Instruction ID: 3fe5c6549847768de64e6f5278157b5885a2448300a2a2b36b024db756861b92
                                                                                                                                                  • Opcode Fuzzy Hash: 447fc63555068e75731939c076d5834a2c29e6530469d3d7a6025d04d57484c5
                                                                                                                                                  • Instruction Fuzzy Hash: DF621EB06402009FE748DF19D55971A7AEAEF84308F24C55CD00E9F396DBBAED0B8B95
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 99447ade69f8275c88a7930c90dfa0041433291d68d7b6b60af9eb5b18c98d1d
                                                                                                                                                  • Instruction ID: 058b294f5eccb326182501a332f3c2e54e6d996381f022b3c1e9ec8938b5287f
                                                                                                                                                  • Opcode Fuzzy Hash: 99447ade69f8275c88a7930c90dfa0041433291d68d7b6b60af9eb5b18c98d1d
                                                                                                                                                  • Instruction Fuzzy Hash: 4D1285F8501765AAD310CF65FA4C3893BB2FB95318B904209D2616F2E5DBBD398ACF44
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2158117286.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_f90000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 66f8380fecba4393d485f09a21c3000f61b1bfa64b38b0dd639c7fe9ccd663a6
                                                                                                                                                  • Instruction ID: e0061d03d9de9843c9658dd1c0448f0e2ddf293489acda89f899a2e47fede9d2
                                                                                                                                                  • Opcode Fuzzy Hash: 66f8380fecba4393d485f09a21c3000f61b1bfa64b38b0dd639c7fe9ccd663a6
                                                                                                                                                  • Instruction Fuzzy Hash: 5CA17A36E002098FDF05DFB9C98059EB7B2FF84310B25857AE805AB265DB75ED19DB80
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2162836889.0000000004D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d70000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d6785dcc2dabfc2f5353d00dd17d29dcb8a16667e958a20373418ea1115f204f
                                                                                                                                                  • Instruction ID: 63c5adbec5e1f1f35ca7f3b2896850bc97bc49acc19b5a1400deae56b78fa568
                                                                                                                                                  • Opcode Fuzzy Hash: d6785dcc2dabfc2f5353d00dd17d29dcb8a16667e958a20373418ea1115f204f
                                                                                                                                                  • Instruction Fuzzy Hash: CFC1EBB8911765ABD710CF65EA483897BB2FB99324F504309D1616B2E4DBBC388ACF44
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j
                                                                                                                                                  • API String ID: 0-189579961
                                                                                                                                                  • Opcode ID: 4e88715b47aefe3be8c791509074eded70f82bf6dfd1b17bf62393836c15a433
                                                                                                                                                  • Instruction ID: 9275a0f249ab52f07d3736ef8aa5dcbc3c06d99cbd6f2d42af43276d53d33b4b
                                                                                                                                                  • Opcode Fuzzy Hash: 4e88715b47aefe3be8c791509074eded70f82bf6dfd1b17bf62393836c15a433
                                                                                                                                                  • Instruction Fuzzy Hash: 23D191307006026BD60676B4ED57EBDA657BBCA300B808838D1084FBA9DF796D1E97D6
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j
                                                                                                                                                  • API String ID: 0-189579961
                                                                                                                                                  • Opcode ID: f18f742e7da1aab89160582220a2e5ef67083e253380d39de4778bce876cd86b
                                                                                                                                                  • Instruction ID: 9fb07b10823b65366fc01a34c7f72d4dbfe62d81914d34d3b4258dbb258e386e
                                                                                                                                                  • Opcode Fuzzy Hash: f18f742e7da1aab89160582220a2e5ef67083e253380d39de4778bce876cd86b
                                                                                                                                                  • Instruction Fuzzy Hash: 9FD191307006026BD60676B4ED53EBDA657BBCA300B808838D1084FBA9DF796D1E97D6
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j
                                                                                                                                                  • API String ID: 0-1067073240
                                                                                                                                                  • Opcode ID: 0b3a8f090ab52c5acced4884cabadab4a5e47cdbddc1f5e10a504e721ef2f881
                                                                                                                                                  • Instruction ID: d75dd10bcbd132c8d56cb5ac8c765ff2dbbf61ae0889c781dcb1b2942e185bef
                                                                                                                                                  • Opcode Fuzzy Hash: 0b3a8f090ab52c5acced4884cabadab4a5e47cdbddc1f5e10a504e721ef2f881
                                                                                                                                                  • Instruction Fuzzy Hash: FE41BB313006022BD60676B4D987EBDA657FBCA300B804938D2084FAA9DF796D5983D7
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j
                                                                                                                                                  • API String ID: 0-1067073240
                                                                                                                                                  • Opcode ID: a5ccc3d738de00f02740c4d586d8eb1f4fe684aaa3ff9cf4072330d25926f54a
                                                                                                                                                  • Instruction ID: fe40f119a9413b58b719a8e943e6dd306f12c8646c1573f32d503f06a489f393
                                                                                                                                                  • Opcode Fuzzy Hash: a5ccc3d738de00f02740c4d586d8eb1f4fe684aaa3ff9cf4072330d25926f54a
                                                                                                                                                  • Instruction Fuzzy Hash: A841A8303006026BD60676B4D987EBDA557FBCA300B808938D2084FAA9DF796D5987DB
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j
                                                                                                                                                  • API String ID: 0-946470519
                                                                                                                                                  • Opcode ID: 538359dd627d7d384a08ff7232dd5106668e470bc3ebbb1c744f0d86c024754c
                                                                                                                                                  • Instruction ID: 3c66d27aef5e6c0733f2db781ef238e9470af6fe65a0c5168f7b61873b521d1f
                                                                                                                                                  • Opcode Fuzzy Hash: 538359dd627d7d384a08ff7232dd5106668e470bc3ebbb1c744f0d86c024754c
                                                                                                                                                  • Instruction Fuzzy Hash: 6D31AA317402022BD60676B4AD46EBEBA5BFBC6300B804939E1084FA99DF796D4983D7
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j$D}j
                                                                                                                                                  • API String ID: 0-946470519
                                                                                                                                                  • Opcode ID: f1c2c7cbe1bae160afc26aef0f47980131c30bbd6f62ca36854833133d01daf6
                                                                                                                                                  • Instruction ID: 618e7ffea95352152bca68cf96e1819bdae9e2fa362fe496dc36aaa8d647d1ca
                                                                                                                                                  • Opcode Fuzzy Hash: f1c2c7cbe1bae160afc26aef0f47980131c30bbd6f62ca36854833133d01daf6
                                                                                                                                                  • Instruction Fuzzy Hash: 65219C317002026BD70576B4ED86EBDA55BFBCA700B804938E10C4FB99CF796D4983D6
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j
• API String ID: 0-4024041465
• Opcode ID: 6f638fbbd1cc279676abcf0a473e32d45df4360fcb9d08e8d79b66d50d57dcc3
• Instruction ID: 0f9f03361a7558982811405f06027331dea7a5be93a04ee07f0356d13ffd58e4
• Opcode Fuzzy Hash: 6f638fbbd1cc279676abcf0a473e32d45df4360fcb9d08e8d79b66d50d57dcc3
• Instruction Fuzzy Hash: 203175303006866BCB063BA4ED569BD7B56FBC63007404538E5098FAA5CF755E4FC781
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID: D}j$D}j$D}j$D}j$D}j$D}j$D}j
• API String ID: 0-4024041465
• Opcode ID: 0606b0b5bde511a5357fa79c10bb409d68de39e5955e6cda0e2d1a89b83394f4
• Instruction ID: 51b4e6fdcf4cc8e943ac7f39211fc29d5621d8714ade970c18f7104f18ef1e1e
• Opcode Fuzzy Hash: 0606b0b5bde511a5357fa79c10bb409d68de39e5955e6cda0e2d1a89b83394f4
• Instruction Fuzzy Hash: A12165303006476BCB053BA4E95697D775BFBCA3007804538E5098F6A9DF755E4F8786
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID: D}j$D}j$D}j$D}j$D}j$D}j
• API String ID: 0-1173771127
• Opcode ID: d8560a6558dedb9d262f8124c1ccce6061205e7f9696980428f85fc8455e8cd8
• Instruction ID: 1feb77d485c93d6b2f6cf84839a09d0f86321e0d3ed7225d3b83ac29e6d10819
• Opcode Fuzzy Hash: d8560a6558dedb9d262f8124c1ccce6061205e7f9696980428f85fc8455e8cd8
• Instruction Fuzzy Hash: FA212B303002012BD60676A5E842EBEBA5BFBC7700B808539E1084FA99CF7A5D4D83E7
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID: D}j$D}j$D}j$D}j$D}j$D}j
• API String ID: 0-1173771127
• Opcode ID: 48e58b21dc0d3994f67c6bb6b48ac724a015b6a2034e75150093eb2ad6d786b8
• Instruction ID: 2ece325c076e51c0860afcc6df2265798ce6340e62656b2f895c4b88650ac1dd
• Opcode Fuzzy Hash: 48e58b21dc0d3994f67c6bb6b48ac724a015b6a2034e75150093eb2ad6d786b8
• Instruction Fuzzy Hash: 4711AB317002012BD60676A5E992EBDA65BFBCA704B808938D1084FA99CF766D5983D7
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2163513316.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_60c0000_G4jZEW68K1.jbxd
Similarity
• API ID:
• String ID: (_jq$(_jq$(_jq$(_jq
• API String ID: 0-437935255
• Opcode ID: d24ffd158791db8312d7df2a3dd1f1121e1b2ecda48505420f48941ffffd05f8
• Instruction ID: f8e7484a8c25ced31489a5624bad88217530ff688432f11f09abea8503ae95b9
• Opcode Fuzzy Hash: d24ffd158791db8312d7df2a3dd1f1121e1b2ecda48505420f48941ffffd05f8
• Instruction Fuzzy Hash: 3B91BC34A44344AFDB459F68C4146AE7FB2EF86310F1484AEE806DB381DA35DE06CB91
Uniqueness
Uniqueness Score: -1.00%